I'm not anywhere near expert enough with FreeRADIUS to be able to point you to the solution to your problem, but I think I can at least help you understand some of the behaviour you're seeing ...
On Thu, 12 Jun 2008, Capelle, Mark (PCMC-GB) wrote:
Thu Jun 12 13:21:54 2008 : Auth: Login incorrect (rlm_ldap: User not found): [DOMAIN\\nonworkinguser/<via Auth-Type = EAP>] (from client WLANCTRLR1 port 0)
This part is very significant of course. Can you perform an LDAP search for the user, using the same credentials and search filters as are used by FreeRADIUS?
If I try the samba authentication from a command line on the FreeRADIUS server, it completes successfully:
That suggests to me that your non-working user exists in the directory, but not in the container that FreeRADIUS is looking for it in its LDAP configuration. For example does the user exist in the "basedn" you have configured RADIUS to look in?
If I test authentication of the user using radtest, it works fine and is able to find the user: ...
Follow the RADIUS server's -X output when you do that and compare to when an authentication request comes in from the WLAN controller. You'll find that radtest isn't performing any form of EAP authentication so your PEAP setup isn't being tested with that. To test thoroughly you'll probably want to use a utility such as wpa_supplicant's eapol_test. I'm sorry I can't help more than that but I hope I'll have helped you gather more information and test more closely to what you want to be testing. -- ---------------------------------------------------------------------- Sylvain Robitaille [EMAIL PROTECTED] Systems and Network analyst Concordia University Instructional & Information Technology Montreal, Quebec, Canada ---------------------------------------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html