AD Authentication + radius + foundryAP

Alan DeKok aland at deployingradius.com
Tue May 17 22:17:13 CEST 2011


Mark Pipkin wrote:
>>  What does that look like to you?
> 	
> Looks like it is trying to use PAP to authenticate with.

  i.e. you haven't *read* the warning message.  You just saw "pap" and
"WARNING", and stopped there.

  To be excruciatingly simple: RADIUS servers authenticate users by
KNOWING what the correct password is.  If the server doesn't have a
KNOWN GOOD password, it can't authenticate the user.

  The message says that there is no *KNOWN GOOD* password, and therefore
it likely will not be able to authenticate anyone.

> Though PAP is
> local only, at least from what I can tell, and there is no local
> user/pass for this account.  Then it looks like it rolls to a EAP/leap
> authentication method.  At this point it fails.

  No.  The LEAP message has the same meaning as the PAP message.  And
you're again ignoring the *content* of the message.

  Why?

>>  Are the debug messages helpful?
> 
> If I truly understood more, then I'm sure that they would be.  That are
> not as helpful for me; I have a lack of understanding at this point in
> time.

  Read them.  It helps.  Really.

>>  Do they accurately describe the problem, and give you hints for the
> solution?
> 
> I just see the problem as not working.  I don't understand why it didn't
> even attempt mschapv2 when eap default was set to peap and peap default
> was set to mschapv2.

  My messages explained why.

>>  The PC is choosing LEAP, not FreeRADIUS.
> 
> I'm using Win7.  Are you telling me that the PC is the one that is
> picking the security for the radius and not the Foundry Wireless AP
> controller?  

  Did my message contain the phrase "Foundry Wireless AP"?

  Or did my message contain the acronym "PC"?

>>  Configure the PC to use LEAP, as was suggested in *another* response
> to your post.
> 
> I read that post.  I thought the he was referring to the Foundry AP
> controller.  You just told me that it was the fault of the PC though.

  Exactly.  If you READ my messages, you get answers to questions.  Like
the question you asked above about "when you say PC, do you really mean PC?"

  Honestly, I fail to understand why there is *any* confusion here.

  Alan DeKok.



More information about the Freeradius-Users mailing list