again: 802.1x auto login with win login/pass
Seann Clark
nombrandue at tsukinokage.net
Mon Nov 17 17:16:52 CET 2008
Hegedus Gabor wrote:
> Sorry, I have some problem with this mailing list, I get the message not a
> valid mail address...
> Let's see, I'll try a new thread, and hope it will work...
> -------------------------
> Hi all, I have a problem, can't authenticate my user with win login
> user/pass.
>
> I use:
> - 802.1x
> - newest freeradius, and ubuntu 8.4
> - eap-tls
> - win xp sp2 client, use automatic win logon and pass
>
> When "Automatically use my Windows login name and password" is unchecked
> in Windows, I type user/pass and my radius accepts the request,
> and everything is okay.
>
> But when I try it with automatic win login/pass, the radius rejects
> the request.
> I set with-ntdomain-hack=yes in preprocess and it cuts the domain
> part.
> It seems okay but it still rejects.
>
> I have good user settings.
>
> What is the problem? Password encryption?
>
> log:
> when Windows sends the login and pass automatically:
> Auth: Login incorrect: [Joe/<via Auth-Type = EAP>] (from client switch port 50003 cli 00-13-D4-E7-B3-FB)
> Auth: Login incorrect: [Joe/<via Auth-Type = EAP>] (from client switch port 50003 cli 00-13-D4-E7-B3-FB)
> Auth: Login incorrect: [joe/<via Auth-Type = EAP>] (from client switch port 50003 cli 00-13-D4-E7-B3-FB)
> when I type the l/p:
> Auth: Login OK: [Joe/<via Auth-Type = EAP>] (from client switch port 0 via TLS tunnel)
> Auth: Login OK: [Joe/<via Auth-Type = EAP>] (from client switch port 50003 cli 00-13-D4-E7-B3-FB)
>
>
> <snip>
Two quick simple questions: is your Windows password the same as the
radius server password? The biggest thing I have seen with this is that
with Windows, the password may not be the same as what you may type in. If it
works in manual mode, I wouldn't think it is anything else but user/pass
not working right. The EAP messages you see (Joe/<via Auth-Type = EAP>)
show that the encrypted tunnel is correct, and since manual mode works,
password encryption is working as well. I would double check the
passwords first, make sure that the cert profiles seem to match for
Windows auto mode, and then if that fails, run radius in debug (radiusd
-xxx) and see what is breaking in that debug output, then forward that to
the list.
~Seann
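
One way to line up the manual and automatic runs from a mail-wrapped log before moving on to debug output, as an added example that is not part of the original thread. The function names are hypothetical and the sample is constructed from the log lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: the quoted log as it arrives, with '> ' quoting and wrapped lines.
SAMPLE_LOG = """\
> Auth: Login incorrect: [Joe/<via Auth-Type = EAP>] (from client switch
> port
> 50003 cli 00-13-D4-E7-B3-FB)
> Auth: Login incorrect: [joe/<via Auth-Type = EAP>] (from client switch
> port
> 50003 cli 00-13-D4-E7-B3-FB)
> when I type the l/p:
> Auth: Login OK: [Joe/<via Auth-Type = EAP>] (from client switch port 0
> via TLS
> tunnel)
> Auth: Login OK: [Joe/<via Auth-Type = EAP>] (from client switch port
> 50003 cli
> 00-13-D4-E7-B3-FB)
"""

AUTH_RE = re.compile(
    r"Auth: Login (?P<result>OK|incorrect): \[(?P<user>[^/\]]+)/[^\]]*\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[0-9A-Fa-f-]+))?(?P<tunnel> via TLS tunnel)?\)"
)

def unwrap(text):
    """Strip mail quoting ('> ') and rejoin Auth records wrapped across lines."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if line.startswith("Auth:"):
            records.append(line)
        elif line and records:
            records[-1] += " " + line  # continuation (or trailing prose, ignored by match)
    return records

def summarize(text):
    """Map (case-folded user, station MAC) -> set of results seen on the switch port."""
    outcomes = defaultdict(set)
    for rec in unwrap(text):
        m = AUTH_RE.match(rec)
        if not m or m["tunnel"]:  # tunnel records carry no station MAC
            continue
        outcomes[(m["user"].lower(), m["cli"] or "-")].add(m["result"])
    return dict(outcomes)

def mixed_results(text):
    """Stations where the same user both passed and failed, as in the quoted log."""
    return sorted(k for k, v in summarize(text).items() if v == {"OK", "incorrect"})
```

A user and station that appear in `mixed_results` is the situation the reply describes: the same account passes in one mode and fails in the other, so the credential being sent is the first thing to compare.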