> Hi all, I have a problem, can't authenticate my user with win login
user/pass.
I use:
- 802.1x
- newest freeradius, and ubuntu 8.4
- eap-tls
- win xp sp2 client, use automatic win logon and pass
When "Automatically use my Windows login name and password" is unchecked
on the windows, i type user/pass and my radius is accept the request.
and everything is okay.
But, When i try it with automatic win login/pass, the radius reject
the request.
I set the with-ntdomain-hack=yes to preprocess and it cut the domain
part.
its seems okay but still reject.
I have good user settings.
what is the problem? password encription?
log:
when windows send automaticly the login and pass:
Auth: Login incorrect: [Joe/<via Auth-Type = EAP>] (from client switch
port
50003 cli 00-13-D4-E7-B3-FB)
Auth: Login incorrect: [Joe/<via Auth-Type = EAP>] (from client switch
port
50003 cli 00-13-D4-E7-B3-FB)
Auth: Login incorrect: [joe/<via Auth-Type = EAP>] (from client switch
port
50003 cli 00-13-D4-E7-B3-FB)
when I type the l/p:
Auth: Login OK: [Joe/<via Auth-Type = EAP>] (from client switch port 0
via TLS
tunnel)
Auth: Login OK: [Joe/<via Auth-Type = EAP>] (from client switch port
50003 cli
00-13-D4-E7-B3-FB)
<snip>
Two quick simple questions, is your windows password the same as the
radius server password?
radius server password means the password after the username in the users file?
or anything else?
users file contains: Joe Cleartext-Password:= "pass"
The biggest thing with this that I have seen is
Windows, the password may not be the same as what you may type in. If it
works in manual mode, I wouldn't think it is anything else but user/pass
not working right. The EAP messages you see (Joe/<via Auth-Type = EAP>)
shows that the encrypted tunnel is correct, and since manual mode works,
password encryption is working as well. I would double check the
passwords first,
I checked the uname and pass in the users file, this u/p and the win logon/pass
is same.
This u/p is not the same with the client certificate u/p.
my passwords:
for server cert: private_key_password = "pass"
for client cert: test/test
for winlogin: Joe/joepass
in users file: Joe/joepass
I created the cerst like certs/README said, and then set tls modul.
I installed the server cert and the client cert to the windows client, and the
client cert asked the pass and I wrote it in, and that was correct.
This was all what I do with the certs.
Yes, it works good with manual mode, when I type it...
I think something wrong with the password encription or the windows send it to
the radius in wrong format...
I don't know.
make sure that the cert profiles seem to match for
windows auto mode,
sry I dont understand, what have to check?
and then if that fails, run radius in debug (radiusd
-xxx) and see what is breaking in that debug then run that forward to
the list.
~Seann
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
