802.1x with freeradius + PEAP + 3com Switch
Laurent CARON
lcaron at lncsa.com
Thu Feb 5 15:19:36 CET 2009
Hi,
I managed to get authentication of users logged on Windows XP
workstations to the network.
The machine authentication (while booting), however, fails, thus preventing
the users from retrieving their roaming profiles.
Here is the relevant part of the log:
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: - authorize
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: performing user authorization for host/mycomputer
Thu Feb 5 14:39:16 2009 : Debug: radius_xlat: Running registered xlat function of module mschap for string 'User-Name:None'
Thu Feb 5 14:39:16 2009 : Debug: expand: (uid=%{mschap:User-Name:None}) -> (uid=mycomputer$)
Thu Feb 5 14:39:16 2009 : Debug: expand: ou=People,dc=mycompany,dc=com -> ou=People,dc=mycompany,dc=com
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: attempting LDAP reconnection
It seems freeradius "tries" to authenticate the computer from the
ou=People,dc=mydomain,dc=com.
In radiusd.conf I have the following:
ldap {
        server = "192.168.0.3"
        identity = "uid=dot1x_read_user,ou=People,dc=mydomain,dc=com"
        password = ldapreadpasswd
        basedn = "ou=People,dc=mydomain,dc=com"
        filter = "(uid=%{mschap:User-Name:None})"
}
I now need to instruct the ldap to search in
ou=Computers,dc=mydomain,dc=com for the computers' authentication.
How do I do this while preserving the working users' auth?
Thanks
Laurent
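
A way to confirm the symptom from a debug log, as an added example that is not part of the original post: it rejoins the wrapped rlm_ldap debug lines and reports machine identities whose LDAP search ran under a base DN other than ou=Computers. The function names are hypothetical, the "alice" entries are constructed sample data, and treating a "host/" prefix or a trailing "$" as the mark of a machine account is an assumption drawn from the log above.

```python
import re

# Excerpt from the post (e-mail wrapping kept); the "alice" records are constructed.
SAMPLE_LOG = """\
Thu Feb 5 14:39:16 2009 : Debug: rlm_ldap: performing user
authorization for host/mycomputer
Thu Feb 5 14:39:16 2009 : Debug: expand:
(uid=%{mschap:User-Name:None}) -> (uid=mycomputer$)
Thu Feb 5 14:39:16 2009 : Debug: expand:
ou=People,dc=mycompany,dc=com -> ou=People,dc=mycompany,dc=com
Thu Feb 5 14:39:17 2009 : Debug: rlm_ldap: performing user
authorization for alice
Thu Feb 5 14:39:17 2009 : Debug: expand:
(uid=%{mschap:User-Name:None}) -> (uid=alice)
Thu Feb 5 14:39:17 2009 : Debug: expand:
ou=People,dc=mycompany,dc=com -> ou=People,dc=mycompany,dc=com
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} : \w+: ")

def unwrap(text):
    """Rejoin wrapped lines: a line without a timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(STAMP.sub("", line).strip())
        else:
            records[-1] += " " + line.strip()
    return records

def misrouted_machine_lookups(text, machine_ou="ou=Computers"):
    """Return (identity, filter, base_dn) for machine accounts searched outside machine_ou."""
    findings, identity, ldap_filter = [], None, None
    for rec in unwrap(text):
        who = re.match(r"rlm_ldap: performing user authorization for (\S+)", rec)
        exp = re.match(r"expand: .* -> (.+)$", rec)
        if who:
            identity, ldap_filter = who.group(1), None
        elif exp and identity and exp.group(1).startswith("("):
            ldap_filter = exp.group(1)      # expanded search filter
        elif exp and identity and ldap_filter:
            base_dn = exp.group(1)          # expanded base DN follows the filter
            is_machine = identity.startswith("host/") or ldap_filter.endswith("$)")
            if is_machine and machine_ou.lower() not in base_dn.lower():
                findings.append((identity, ldap_filter, base_dn))
            identity = None
    return findings
```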