Need help with 802.1X authentication to Active Directory

Bryant Marsh bryantmarsh at cookielee.com
Wed Jun 20 23:17:34 CEST 2007


Hi Ivan,

There are Event log errors in Application and System.

Event ID 1053 - Windows cannot determine the user or computer name. ().
Group Policy processing aborted.  Or error: "The specified user does not
exist."

Event ID 5719 - The system cannot log you on now because the domain "name"
is not available."

This would be expected because port security is preventing traffic. Since
DOT1X is enabled on the Cisco switch port for the server, I need to
authenticate against the RADIUS server which is sending credentials to my AD
domain controller. 
Both the server and the radius server are on the same switch, so there are
no firewall issues. The switch is an access switch uplinked to the core
switch where the DC is located. All servers are in the same VLAN.

I cannot decipher the meaning of the debug negotiations that are happening,
but it looks to me like there is some kind of default in the users file
for 255.255.255.254 that is not the IP address of the server in question. 
Again, my question is whether I need a USERS file, because I was reading that
this file is not required for AD.

Here is my USERS file.

http://www.nabble.com/file/p11222403/users users 

Thanks,
Bryant.




tnt wrote:
> 
> OK. What does the Event Viewer on Win2K3 client say about failed login
> attempts? Has it received Access-Challenge packet? There might be a
> firewall problem.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> On 20/6/2007, "Bryant Marsh" <bryantmarsh at cookielee.com> wrote:
> 
>>
>>Hi Ivan,
>>
>>Sorry I forgot to mention that I did import the cert-clt.p12 and cacert.pem
>>to the local machine certificate store.
>>
>>I was reading a document that was saying that the USERS file is not
>>necessary for authenticating to Active Directory. Is that really true?
>>
>>Here are my config files.
>>http://www.nabble.com/file/p11217074/clients.conf clients.conf
>>http://www.nabble.com/file/p11217074/smb.conf smb.conf
>>http://www.nabble.com/file/p11217074/nsswitch.conf nsswitch.conf
>>http://www.nabble.com/file/p11217074/radiusd.conf radiusd.conf
>>http://www.nabble.com/file/p11217074/eap.conf eap.conf
>>http://www.nabble.com/file/p11217074/hosts hosts
>>
>>Thanks,
>>Bryant.
>>
>>
>>Yes. Certificates created with xpextensions will work with Win2K3 clients
>>as well. But you need to import CA certificate to the trusted
>>certificate store on Windows clients (XP and 2K3; Win 2K can't be used).
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>--
>>View this message in context: http://www.nabble.com/Need-help-with-802.1X-authentication-to-Active-Directory-tf3925261.html#a11217074
>>Sent from the FreeRadius - User mailing list archive at Nabble.com.
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Need-help-with-802.1X-authentication-to-Active-Directory-tf3925261.html#a11222403
Sent from the FreeRadius - User mailing list archive at Nabble.com.




