Hello
I'm now trying more than a week to find a solution for my needs:
Equipment: Windows XP Client, Cisco Catalyst 2950, Freeradius Server (Debian Linux) and Windows 2000 Domain.
Scenario:
1. Windows XP Client boots up.
2. Windows XP authenticates and brings the port to the authorized state.
3. User logs in to the Windows Domain.
My Questions:
1. How do I have to configure the Windows XP Client? I found out, that the only setup that tries to authenticate before the users logs in is PEAP with "Authenticate as computer when information is available". Is that correct? Is there a possibility to send user name and password of the user before the domain login?
2.How do I configure the FreeRadius server? I tried it with PEAP and host/myhostname.mydomain.com but I got an error (see below). Who do I have to specify the password for this?
3. What would be the best practice for this problem?
Thanks a lot
Marco
------
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 23
modcall: group authenticate returns invalid for request 23
auth: Failed to validate the user.
Delaying request 23 for 1 seconds
Finished request 23
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.107.44:1812, id=87, length=180
Sending Access-Reject of id 87 to 192.168.107.44:1812
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
