Hi Alan, Now everything works but the Active Directory authentication,Please see the following output from "$ Radiusd -X" when a wireless client uses "administrator" logon into the chillispot web logon page:
Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0, length=223 User-Name = "administrator" CHAP-Challenge = 0xa784482e8ac92fd573e87bbbad9ca58f CHAP-Password = 0x00f54cc04e288eec67feff0b13e9448bd2 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.5 Calling-Station-Id = "00-16-6F-79-91-F4" Called-Station-Id = "00-05-5D-9E-0F-94" NAS-Identifier = "nas01" Acct-Session-Id = "45aec9a900000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x97668bae73249b0dd4755ab03d364f34 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "administrator", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched DEFAULT at 153 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by "administrator" with CHAP password rlm_chap: Could not find clear text password for user administrator modcall[authenticate]: module "chap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0, length=223 Sending Access-Reject of id 0 to 127.0.0.1:32772 --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 45aecedc Nothing to do. Sleeping until we see a request. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Wan Sent: Friday, 5 January 2007 11:26 AM To: FreeRadius users mailing list Subject: RE: help Hi Alan, Many thanks for your help. Now the kerberos service and the Samba service are running now, I have followed your instructions on your webpage, but I still have experenced the similar issue, please see the folloewing: [EMAIL PROTECTED] ~]# net join -U Administrator Administrator's password: [2007/01/05 10:10:15, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [2007/01/05 10:10:15, 0] utils/net_ads.c:ads_startup(186) ads_connect: Cannot find KDC for requested realm Joined domain MBUS. [EMAIL PROTECTED] ~]# wbinfo -a administrator%password plaintext password authentication failed Could not authenticate user administrator%password with plaintext password could not obtain winbind separator! could not obtain winbind domain name! challenge/response password authentication failed Could not authenticate user administrator with challenge/response Would you please give me some hints so I could try it again. All I need is to allow the freeradius server and Chillispot to hand over the authentication (for wireless client) to the Win2k3 Active Directory. To be able to achive that, I have to make sure the above two steps are working (at moment they are not working). Many thanks again in advance. Regards John -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Thursday, 14 December 2006 12:20 PM To: FreeRadius users mailing list Subject: Re: help John Wan wrote: > Would you please give me some hints how to start the Kerberos server > and how to solve the issue of > "ads_connect: Invalid credentials". Unfortunately, I'm not a kerberos or Samba expert. I know just enough to follow the script. If it doesn't work, I suggest asking on the Samba / kerberos lists. i.e. the people who wrote the software are the ones most likely to be able to help you. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ________________________________________________________________________ _______ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. ________________________________________________________________________ ______ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- _______________________________________________________________________________ Notice from Melbourne Business School Ltd The information contained in this e-mail is confidential, and is intended for the named person's use only. It may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient Internet communications are not secure. You should scan this message and any attachments for viruses. Melbourne Business School does not accept any liability for loss or damage which may result from receipt of this message or any attachments. ______________________________________________________________________________ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html