Freeradius problem, EAP-TTLS works fine, EAP-PEAP does not
Alan DeKok
aland at deployingradius.com
Thu Aug 26 15:35:17 CEST 2010
Jean-Yves Avenard wrote:
> I am running freeradius that comes installed and configured with MacOS
> 10.6 server.
>
> A Windows XP can connect just fine using Microsoft Protected EAP.
> iPhone, mac os client connect just fine using EAP-TTLS
>
> Windows 7 will connect fine using Securew2 EAP-TTLS supplicant ; but
> not with the default build-in PEAP.
The log you posted shows a clear issue:
> When connecting with Windows 7, I would read:
>
> Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the
> user's uuid.
> Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef():
> dsGetRecordList() status = 0, recCount=0
>
>
> Any hint about what I should be looking at?
Run the server in debugging mode (radiusd -X). Look for the above
errors, and *read* the lines of text around them.
Then use the information from the debug output to look the user up in
OpenDirectory. Odds are that the user doesn't exist, which is why it
can't get the UUID.
> Mind new, I'm a complete noob when it comes to radius, I only started
> playing with it 2 days ago.
This isn't much of a RADIUS error. The user lookup in OpenDirectory
fails, and the UUID wasn't found. The only issue is *who* was being
looked up, and *why* the UUID wasn't found.
Alan DeKok.
More information about the Freeradius-Users
mailing list