Hi,
I really need help with this one. I'm setting up Freeradius 1.1.4 on a SUSE 10 server for our wireless users with XP SP2 using PEAP. Because we use eDirectory I strip the computer name from the username, not every users uses the Novell client. The user get authorize but I can't get the authentication to work. For some reason the first character of the users password is change for a "a", if the first character is a "a" then it is change for something else. ??? I installed the 885453 and 917021 patches for Windows XP SP2 and changed the supplicant mode to 3, didn't help. This problem does not occur with users using the Novell client SP4. I included a few lines from the debug, the password should be mypassw instead of aypassw. Robert ldap_msgfree TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 0, subject: /OU=Organizational CA/O=CS, issuer: /OU=Organizational CA/O=CS TLS certificate verification: depth: 0, err: 0, subject: /O=CS/CN= rep01.mydomain.ca, issuer: /OU=Organizational CA/O=CS TLS trace: SSL_connect:SSLv3 read server certificate A TLS trace: SSL_connect:SSLv3 read server done A TLS trace: SSL_connect:SSLv3 write client key exchange A TLS trace: SSL_connect:SSLv3 write change cipher spec A TLS trace: SSL_connect:SSLv3 write finished A TLS trace: SSL_connect:SSLv3 flush data TLS trace: SSL_connect:SSLv3 read finished A rlm_ldap: bind as cn=User1,ou=Techs,o=ORG/aypassw to rep01.mydomain.ca:389 <= ldap_bind ... ldap_chase_referrals read1msg: V2 referral chased, mark request completed, id = 2 new result: res_errno: 49, res_error: <NDS error: failed authentication (-669)>, res_matched: <> read1msg: ld 0x8013f578 0 new referrals read1msg: mark request completed, ld 0x8013f578 msgid 2 request done: ld 0x8013f578 msgid 2 res_errno: 49, res_error: <NDS error: failed authentication (-669)>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_free_connection 0 1 ldap_free_connection: refcnt 1 ldap_parse_result ldap_msgfree rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf ldap_free_connection 1 1 ldap_send_unbind ldap_free_connection: actually freed TLS trace: SSL3 alert write:warning:close notify rlm_ldap: eDirectory account policy check failed. rlm_ldap: NDS error: failed authentication (-669) rlm_ldap: ldap_release_conn: Release Id: 0 modcall[post-auth]: module "ldap1" returns reject for request 1 modcall: leaving group REJECT (returns reject) for request 1 Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 24 to 10.228.14.81 port 20000 Reply-Message = "NDS error: failed authentication (-669)"
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html