edir authentication problem

Generic Generic rmc0111 at gmail.com
Mon Dec 31 19:01:17 CET 2007


Hi,



I really need help with this one. I'm setting up FreeRADIUS 1.1.4 on a SUSE
10 server for our wireless users with XP SP2 using PEAP. Because we use
eDirectory, I strip the computer name from the username; not every user uses
the Novell client. The user gets authorized but I can't get the authentication
to work. For some reason the first character of the user's password is changed
to an "a"; if the first character is an "a" then it is changed to something
else. ???


I installed the 885453 and 917021 patches for Windows XP SP2 and changed the
supplicant mode to 3; it didn't help.

This problem does not occur with users using the Novell client SP4.



I included a few lines from the debug; the password should be mypassw
instead of aypassw.



Robert







ldap_msgfree

TLS trace: SSL_connect:before/connect initialization

TLS trace: SSL_connect:SSLv2/v3 write client hello A

TLS trace: SSL_connect:SSLv3 read server hello A

TLS certificate verification: depth: 1, err: 0, subject: /OU=Organizational
CA/O=CS, issuer: /OU=Organizational CA/O=CS

TLS certificate verification: depth: 0, err: 0, subject: /O=CS/CN=
rep01.mydomain.ca, issuer: /OU=Organizational CA/O=CS

TLS trace: SSL_connect:SSLv3 read server certificate A

TLS trace: SSL_connect:SSLv3 read server done A

TLS trace: SSL_connect:SSLv3 write client key exchange A

TLS trace: SSL_connect:SSLv3 write change cipher spec A

TLS trace: SSL_connect:SSLv3 write finished A

TLS trace: SSL_connect:SSLv3 flush data

TLS trace: SSL_connect:SSLv3 read finished A
rlm_ldap: bind as cn=User1,ou=Techs,o=ORG/aypassw to rep01.mydomain.ca:389
  <=
ldap_bind



...



ldap_chase_referrals

read1msg:  V2 referral chased, mark request completed, id = 2

new result:  res_errno: 49, res_error: <NDS error: failed authentication
(-669)>, res_matched: <>

read1msg: ld 0x8013f578 0 new referrals

read1msg:  mark request completed, ld 0x8013f578 msgid 2

request done: ld 0x8013f578 msgid 2

res_errno: 49, res_error: <NDS error: failed authentication (-669)>,
res_matched: <>

ldap_free_request (origid 2, msgid 2)

ldap_free_connection 0 1

ldap_free_connection: refcnt 1

ldap_parse_result

ldap_msgfree

rlm_ldap: LDAP login failed: check identity, password settings in ldap
section of radiusd.conf

ldap_free_connection 1 1

ldap_send_unbind

ldap_free_connection: actually freed

TLS trace: SSL3 alert write:warning:close notify

rlm_ldap: eDirectory account policy check failed.

rlm_ldap: NDS error: failed authentication (-669)

rlm_ldap: ldap_release_conn: Release Id: 0

  modcall[post-auth]: module "ldap1" returns reject for request 1

modcall: leaving group REJECT (returns reject) for request 1

Delaying request 1 for 1 seconds

Finished request 1

Going to the next request

--- Walking the entire request list ---

Waking up in 1 seconds...

--- Walking the entire request list ---

Sending Access-Reject of id 24 to 10.228.14.81 port 20000

        Reply-Message = "NDS error: failed authentication (-669)"