Hi,

I've configured FreeRADIUS (version 1.1.7, supplied with SLES10) to authenticate from Novell eDirectory with LDAP. The problem is that I can't connect to the network when I check the "Automatically use my Windows logon name and password" on a WinXP client's PEAP properties. This is the output of radiusd -A -X:

rad_recv: Access-Request packet from host 10.128.128.3:1812, id=15, length=194
        User-Name = "E00\\user1"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-26-CA-8D-A7-85"
        Calling-Station-Id = "00-0B-CD-04-75-8C"
        Attr-102 = 0x
        NAS-Port-Type = Ethernet
        NAS-Port = 50005
        NAS-Port-Id = "FastEthernet0/5"
        NAS-IP-Address = 10.128.128.1
        EAP-Message = 0x0201000e014530305c7573657231
        Proxy-State = 0x280000000000000646010000400900000000000000000000a74212c6bb2daec4f3110aa90d1af235
        Message-Authenticator = 0x928d46624aad188e71d3c6bbd88af6f1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 14
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry user1 at line 88
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for user1
radius_xlat:  '(uid=user1)'
radius_xlat:  'o=snac'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.128.128.5:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /etc/raddb/certs/ip_cert.b64
rlm_ldap: bind as cn=admin,o=snac/xxx to 10.128.128.5:636
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=snac, with filter (uid=user1)
rlm_ldap: checking if remote access for user1 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user user1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0
auth: Failed to validate the user.
Login incorrect: [user1/<no User-Password attribute>] (from client lan port 50005 cli 00-0B-CD-04-75-8C)
  Found Post-Auth-Type
  Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 0
  modcall[post-auth]: module "ldap" returns noop for request 0
modcall: leaving group REJECT (returns noop) for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 15 to 10.128.128.3 port 1812
        Proxy-State = 0x280000000000000646010000400900000000000000000000a74212c6bb2daec4f3110aa90d1af235
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 15 with timestamp 4c06337d
Nothing to do.  Sleeping until we see a request.



The with_ntdomain_hack directive is set to "yes" in the preprocess and mschap modules of radiusd.conf. When I set it to "no" and uncheck the "Automatically use my Windows..." and enter the user's credentials in a pop-up box, it's working fine.
Could you guys help me with this problem? Thanks in advance.

Regards,
Andras

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
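
Added example, not part of the original post: decoding the EAP-Message from the debug output shows the two values behind the "Identity does not match User-Name" line, namely the EAP identity as sent by the supplicant and the User-Name after the domain prefix has been removed. The function names are hypothetical, and strip_nt_domain is a simplified stand-in for with_ntdomain_hack, not FreeRADIUS code.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

# Values copied from the debug output above.
EAP_MESSAGE = "0x0201000e014530305c7573657231"
USER_NAME_ON_WIRE = "E00\\user1"      # logged as "E00\\user1" (escaped backslash)


def parse_eap(hex_value):
    """Parse an EAP packet (RFC 3748 layout) from the hex form radiusd -X prints."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field says {length}, got {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "type": None, "data": b""}
    if code in (1, 2) and length > 4:   # only Request/Response carry a type byte
        pkt["type"], pkt["data"] = raw[4], raw[5:]
    return pkt


def strip_nt_domain(user_name):
    # Simplified stand-in (assumption) for with_ntdomain_hack: DOMAIN\user -> user
    return user_name.split("\\", 1)[1] if "\\" in user_name else user_name


def compare_identity(eap_hex, user_name):
    """Return (EAP identity, True if it equals the given User-Name)."""
    pkt = parse_eap(eap_hex)
    if pkt["type"] != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP Identity packet")
    identity = pkt["data"].decode("utf-8", errors="replace")
    return identity, identity == user_name


if __name__ == "__main__":
    print(parse_eap(EAP_MESSAGE))
    print(compare_identity(EAP_MESSAGE, USER_NAME_ON_WIRE))
    print(compare_identity(EAP_MESSAGE, strip_nt_domain(USER_NAME_ON_WIRE)))
```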