FR not working with AD...

Karthik R kartthikr at gmail.com
Thu May 22 02:39:16 CEST 2008


I'm trying to configure freeradius2.0.3 to authenticate wireless users
against AD.

I followed the steps as mentioned in http://deployingradius.com/ and
installation document still not working. The ntlm_auth command is success
and it lists the users and groups from AD using wbinfo -u and wbinfo -g. Now
i see new error message after reconfiguring freeradius server, issue with
SSL.

Installed CA.der certificate alone on the windows xp supplicant, i didnt
generate individual client certificate as i dont want the users to be have
less task to configure wireless . As per my understanding and in previous
freeradius it worked this way installing root.der certificate alone and
without individual supplicant certificate.

I'm unable to authenticate the users against AD. can someone throw some
light here. Attached the log message.

snip =>

rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
    TLS_accept: SSLv3 read client hello A
    TLS_accept: SSLv3 write server hello A
    TLS_accept: SSLv3 write certificate A
TLS Alert write:fatal:handshake failure
    TLS_accept:error in SSLv3 write key exchange A
rlm_eap: SSL error error:1409B0AC:SSL
routines:SSL3_SEND_SERVER_KEY_EXCHANGE:missing tmp rsa key
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [DOMAIN\\kartthikr/<via Auth-Type = EAP>] (from client
10.20.0.0 port 60 cli 0014a526c319)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080521/1c275e7a/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: freeradiuslog.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080521/1c275e7a/attachment.txt>


More information about the Freeradius-Users mailing list