Freeradius problem, EAP-TTLS works fine, EAP-PEAP does not

Nolan King nking at mnwd.com
Thu Aug 26 21:19:05 CEST 2010


check the capitalization of username. I have seen instances where xp clients sends all lower, and win7 capitalised the first two characters.

nolan
-- 

Nolan King
Moulton Niguel Water District
27500 La Paz Rd.
Laguna Niguel, CA 92677
(949) 425-3542
24hr: (949) 831-2500


>>> On 8/26/2010 at 11:44 AM, in message
<AANLkTikVfX7SynjsO3-nan1EVjTSL6vVKJs=HCTfZEtE at mail.gmail.com>, Jean-Yves
Avenard <jyavenard at gmail.com> wrote:
> Hi
> 
> On Thursday, August 26, 2010, Alan DeKok <aland at deployingradius.com> wrote:
>> Jean-Yves Avenard wrote:
>>> I am running freeradius that comes installed and configured with MacOS
>>> 10.6 server.
>>>
>>> A Windows XP can connect just fine using Microsoft Protected EAP.
>>> iPhone, mac os client connect just fine using EAP-TTLS
>>>
>>> Windows 7 will connect fine using Securew2 EAP-TTLS supplicant ; but
>>> not with the default build-in PEAP.
>>
>>   The log you posted shows a clear issue:
>>
>>> When connecting with Windows 7, I would read:
>>>
>>> Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the
>>> user's uuid.
>>> Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef():
>>> dsGetRecordList() status = 0, recCount=0
>>>
>>>
>>> Any hint about what I should be looking at?
>>
>>   Run the server in debugging mode (radiusd -X).  Look for the above
>> errors, and *read* the lines of text around them.
>>
>>   Then use the information from the debug output to look the user up in
>> OpenDirectory.  Odds are that the user doesn't exist, which is why it
>> can't get the UUID.
> 
> I was the one doing the testing. Username/password are identical in all 
> tests.
> 
>>
>>> Mind new, I'm a complete noob when it comes to radius, I only started
>>> playing with it 2 days ago.
>>
>>   This isn't much of a RADIUS error.  The user lookup in OpenDirectory
>> fails, and the UUID wasn't found.  The only issue is *who* was being
>> looked up, and *why* the UUID wasn't found.
>>
> 
> Will run radius in debug mode and report back. I'm still puzzled why
> there would be a difference between 7 and XP in the way they are
> transmitting the user name
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list