help

John Wan J.Wan at mbs.edu
Thu Jan 18 04:43:52 CET 2007 

Hi Alan,

Now everything works but the Active Directory authentication,Please see
the following output from "$ Radiusd -X" when a wireless client uses
"administrator" logon into the chillispot web logon page:


Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0,
length=223
        User-Name = "administrator"
        CHAP-Challenge = 0xa784482e8ac92fd573e87bbbad9ca58f
        CHAP-Password = 0x00f54cc04e288eec67feff0b13e9448bd2
        NAS-IP-Address = 0.0.0.0
        Service-Type = Login-User
        Framed-IP-Address = 192.168.182.5
        Calling-Station-Id = "00-16-6F-79-91-F4"
        Called-Station-Id = "00-05-5D-9E-0F-94"
        NAS-Identifier = "nas01"
        Acct-Session-Id = "45aec9a900000000"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 0
        Message-Authenticator = 0x97668bae73249b0dd4755ab03d364f34
        WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "administrator", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched DEFAULT at 153
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
  rlm_chap: login attempt by "administrator" with CHAP password
  rlm_chap: Could not find clear text password for user administrator
  modcall[authenticate]: module "chap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0,
length=223
Sending Access-Reject of id 0 to 127.0.0.1:32772
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 45aecedc
Nothing to do.  Sleeping until we see a request.

  

-----Original Message-----
From: freeradius-users-bounces+j.wan=mbs.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+j.wan=mbs.edu at lists.freeradius.org] On
Behalf Of John Wan
Sent: Friday, 5 January 2007 11:26 AM
To: FreeRadius users mailing list
Subject: RE: help

 Hi Alan,

Many thanks for your help.

Now the kerberos service and the Samba service are running now, I have
followed your instructions on your webpage, but I still have experenced
the similar issue, please see the folloewing:

[root at sun ~]# net join -U Administrator
Administrator's password:
[2007/01/05 10:10:15, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password Administrator at MBUS.LOCAL failed: Cannot find
KDC for requested realm
[2007/01/05 10:10:15, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm Joined domain MBUS.


[root at sun ~]# wbinfo -a administrator%password plaintext password
authentication failed Could not authenticate user administrator%password
with plaintext password could not obtain winbind separator!
could not obtain winbind domain name!
challenge/response password authentication failed Could not authenticate
user administrator with challenge/response

Would you please give me some hints so I could try it again. All I need
is to allow the freeradius server and Chillispot to hand over the
authentication (for wireless client) to the Win2k3 Active Directory. To
be able to achive that, I have to make sure the above two steps are
working (at moment they are not working).

Many thanks again in advance.

Regards

John







-----Original Message-----
From: freeradius-users-bounces+j.wan=mbs.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+j.wan=mbs.edu at lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Thursday, 14 December 2006 12:20 PM
To: FreeRadius users mailing list
Subject: Re: help

John Wan wrote:

>  Would you please give me some hints how to start the Kerberos server 
> and how to solve the issue of
>  "ads_connect: Invalid credentials".

  Unfortunately, I'm not a kerberos or Samba expert.  I know just enough
to follow the script.  If it doesn't work, I suggest asking on the Samba
/ kerberos lists.

  i.e. the people who wrote the software are the ones most likely to be
able to help you.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



--
________________________________________________________________________
_______

 

Notice from Melbourne Business School Ltd 


The information contained in this e-mail is confidential, and is
intended for the named person's use only.  It may contain proprietary or
legally privileged information. If you have received this email in
error, please notify the sender and delete it immediately.  You must
not, directly or indirectly, use, disclose, distribute, print, or copy
any part of this message if you are not the intended recipient

Internet communications are not secure. You should scan this message and
any attachments for viruses. Melbourne Business School does not accept
any liability for loss or damage which may result from receipt of this
message or any attachments.

________________________________________________________________________
______ 



 


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



--
_______________________________________________________________________________

 

Notice from Melbourne Business School Ltd 


The information contained in this e-mail is confidential, and is intended for
the named person's use only.  It may contain proprietary or legally privileged
information. If you have received this email in error, please notify the
sender and delete it immediately.  You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this message if you are not
the intended recipient

Internet communications are not secure. You should scan this message and any
attachments for viruses. Melbourne Business School does not accept any
liability for loss or damage which may result from receipt of this message or
any attachments.

______________________________________________________________________________

More information about the Freeradius-Users mailing list