again: 802.1x auto login with win login/pass

Seann Clark nombrandue at tsukinokage.net
Mon Nov 17 17:16:52 CET 2008


Hegedus Gabor wrote:
> sorry have some problem with this maillist, get the messages not a 
> valid mail address...
> let's see I try new thread, and hope it will work...
> -------------------------
> Hi all, I have a problem, can't authenticate my user with win login 
> user/pass.
>
> I use:
> - 802.1x
> - newest freeradius, and ubuntu 8.4
> - eap-tls
> - win xp sp2 client, use automatic win logon and pass
>
> When "Automatically use my Windows login name and password" is unchecked
> on the windows, i type user/pass and my radius is accept the request.
> and everything is okay.
>
> But, When i try it with automatic win login/pass, the radius reject 
> the request.
> I set the with-ntdomain-hack=yes to preprocess and it cut the domain 
> part.
> its seems okay but still reject.
>
> I have good user settings.
>
> what is the problem? password encription?
>
> log:
> when windows send automaticly the login and pass:
> Auth: Login incorrect: [Joe/<via Auth-Type = EAP>] (from client switch 
> port
> 50003 cli 00-13-D4-E7-B3-FB)
> Auth: Login incorrect: [Joe/<via Auth-Type = EAP>] (from client switch 
> port
> 50003 cli 00-13-D4-E7-B3-FB)
> Auth: Login incorrect: [joe/<via Auth-Type = EAP>] (from client switch 
> port
> 50003 cli 00-13-D4-E7-B3-FB)
> when I type the l/p:
> Auth: Login OK: [Joe/<via Auth-Type = EAP>] (from client switch port 0 
> via TLS
> tunnel)
> Auth: Login OK: [Joe/<via Auth-Type = EAP>] (from client switch port 
> 50003 cli
> 00-13-D4-E7-B3-FB)
>
>
> <snip>
Two quick simple questions, is your windows password the same as the 
radius server password? The biggest thing with this that I have seen is 
Windows, the password may not be the same as what you may type in. If it 
works in manual mode, I wouldn't think it is anything else but user/pass 
not working right. The EAP messages you see (Joe/<via Auth-Type = EAP>) 
shows that the encrypted tunnel is correct, and since manual mode works, 
password encryption is working as well. I would double check the 
passwords first, make sure that the cert profiles seem to match for 
windows auto mode, and then if that fails, run radius in debug (radiusd 
-xxx)  and see what is breaking in that debug then run that forward to 
the list.

~Seann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5614 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081117/2a7c395a/attachment.bin>


More information about the Freeradius-Users mailing list