Windows Authentication Failing After Changing IP
Edwin Isada
eisada at gmail.com
Fri Jan 8 00:38:41 CET 2010
Hello everyone,
I recently changed the IP address of our RADIUS server and changed domain
controllers for Windows Authentication. Besides that change we decided to
use LDAP instead of LDAPS on the new domain controller. I didn't think I
would run into a problem with my test lab on the changes that were made.
I'm stumped why the devices can no longer authenticate. Anyone have any
ideas as I'm getting familiar with FreeRADIUS and Linux. I appreciate any
input...
Below is an output of the debug:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.213.254 port 1645, id=13,
length=85
NAS-IP-Address = 192.168.213.254
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "edwinadmin"
Calling-Station-Id = "192.168.213.207"
User-Password = "Teddy133"
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "edwinadmin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "edwinadmin", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for edwinadmin
[ldap] expand:
(&(objectCategory=user)(samaccountname=%{user-name})(memberOf=cn=MIS-NetworkAdmins-All,OU=Security
Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) ->
(&(objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security
Groups,OU=MIS Admin,DC=EIDEV,DC=COM))
[ldap] expand: dc=eidev,dc=com -> dc=eidev,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to eidev-dc6.eidev.com:389, authentication 0
rlm_ldap: bind as eidev\radius/N3tw0rkd3^ to eidev-dc6.eidev.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=eidev,dc=com, with filter
(&(objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security
Groups,OU=MIS Admin,DC=EIDEV,DC=COM))
rlm_ldap: ldap_search() failed: Operations error
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [edwinadmin] (from client EIDEV LAB port 1 cli
192.168.213.207)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> edwinadmin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 13 to 192.168.213.254 port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 13 with timestamp +50
Ready to process requests.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100107/41382cc0/attachment.html>
More information about the Freeradius-Users
mailing list