Errors authenticating certain users.
Migo Pod
migopod at gmail.com
Tue Dec 29 17:11:23 CET 2015
Hello List,
A few years ago I inherited a FreeRADIUS environment, and it has been more
or less trouble free for the whole time. In mid-December, however, we
started getting reports of authentication failures from computers that were
joined to our Active Directory environment and only those computers.
Previously we've been having no issues authenticating people with username.
AD\username. and username at realm, but on around the 16th people with the
AD\username format started getting authentication failures.
We're running RHEL6 with the distro supplied freeradius binary
(freeradius-2.2.6-6.el6_7.x86_64) and haven't made any changes to anything
besides system updates in over a year, and it has been working perfectly up
until now.
Here's a relevant log snippet that appears to describe the issue, but I
have no idea where to start looking for a solution.
+group authorize {
++[preprocess] = ok
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "podia-user", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] = ok
[eap] EAP packet type response id 1 length 18
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry DEFAULT at line 50
++[files] = ok
++[expiration] = noop
++[logintime] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group authenticate {
[eap] Identity (AD\podia-user) does not match User-Name (podia-user).
Authentication failed.
[eap] Failed in handler
++[eap] = invalid
+} # group authenticate = invalid
Thanks in advance for any advice,
-mat houser
More information about the Freeradius-Users
mailing list