Hello! I'm currently wrestling with improving our wireless LAN security and decided to try out FreeRADIUS to integrate 802.1x authentication with our existing Samba domain controller.
Unfortunately I can't get it to work... :~(

Here's my setup:

Domain controller runs Samba 2.2.8a.
The FreeRADIUS server runs CVS snapshot 20040526 and Samba 3.0.2a with winbindd and ntlm_auth up and running.
The access point is an HP 520wl with an 802.11a radio.
A laptop running Windows XP with a 3com A/B/G card.

Initially I had some trouble getting ntlm_auth to accept the username given to it (in the form domain\\username). I ended up writing a small script that chopped off the domain\\ part before sending it to ntlm_auth; I also had to add --domain=mydomain to the command line.

After that everything looks ok in the FreeRADIUS log, it seems to properly authenticate the user and is generally happy as a clam (requests 1-6 in the log). Unfortunately the Windows XP client logs the following line:

  [1440] 19:02:18:161: Failing Auth because we got a success/fail without TLV.

On the second try (requests 7-27) to authenticate there are a couple of rejects but I'm unable to ascertain why.

I've placed the relevant logs and configs on my webpage:

FreeRADIUS log
  http://www.chl.chalmers.se/~ohrn/radius/radiusd.log
Main config
  http://www.chl.chalmers.se/~ohrn/radius/radiusd.conf
EAP config
  http://www.chl.chalmers.se/~ohrn/radius/eap.conf
Windows XP log
  http://www.chl.chalmers.se/~ohrn/radius/EAPOL.LOG
  http://www.chl.chalmers.se/~ohrn/radius/RASTLS.LOG

If someone has any ideas on how to troubleshoot this I'd greatly appreciate it.

Regards,
Fredrik

--
If it's such a good idea, I expect that management will be joining us.
Fredrik Öhrn                               Chalmers University of Technology
[EMAIL PROTECTED]                          Sweden
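
The domain-stripping wrapper described in the message above, sketched as an added example; it is not the poster's script, which does not appear on the page. The function names, the MYDOMAIN default and the allowed character set are assumptions. Because the identity comes from a supplicant that has not yet authenticated, the wrapper validates it before it reaches the ntlm_auth command line.

```shell
#!/bin/sh
# Added example: wrapper that normalises an 802.1X identity for ntlm_auth.
# DEFAULT_DOMAIN is a placeholder; the function names are hypothetical.
DEFAULT_DOMAIN=${DEFAULT_DOMAIN:-MYDOMAIN}

# Accept only a conservative character set (an assumption; widen it to match
# your account naming). Rejects empty values and anything starting with "-",
# which ntlm_auth would otherwise parse as an option.
is_safe_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print "DOMAIN user" for input of the form domain\user, domain\\user or user.
split_identity() {
    raw=$1
    case $raw in
        *\\*) domain=${raw%%\\*}; user=${raw##*\\} ;;
        *)    domain=$DEFAULT_DOMAIN; user=$raw ;;
    esac
    is_safe_name "$domain" && is_safe_name "$user" || return 1
    printf '%s %s\n' "$domain" "$user"
}

# First argument: raw identity from the RADIUS request. Remaining arguments
# (challenge/response options, for example) are passed to ntlm_auth unchanged.
ntlm_auth_wrapper() {
    ident=$(split_identity "$1") || { echo "identity rejected" >&2; return 1; }
    shift
    exec ntlm_auth --username="${ident#* }" --domain="${ident%% *}" "$@"
}

# Only invoke ntlm_auth when the script is called with arguments.
if [ "$#" -gt 0 ]; then
    ntlm_auth_wrapper "$@"
fi
```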