Hi Markus, it´s long time ago i wrote that tutorial, but maybe i could help you.
Could you verify some things ? 1. Are there any checked values except PAP in the "New remote Access Profile Policy Wizard / Edit Profile" Dialog Box ? 2. Is the User allowed to do Ras Dial-in (in the User Preferences) ? 3. Could you post some of the Eventlog Entries from the Windows Server and the Syslogs from pfsense ? 4. Are you using the Active Directory in Native 2003 Mode or in Mixed Mode with pre 2000 Domain Controllers ? 5. Do you have registered the IAS in Active Directory ? Kind regards Christian Veith Strickler, Markus schrieb: > > Hello, > > We just configured pfsense as a RADIUS client for a Microsoft IAS > (Windows 2003), in order to provide some hotspot-like WLAN environment. > > On the matching IAS access profile, we specified PAP as authentication > type, and confirmed several times that the shared secret is right. > > Authentication requests are passed on to IAS alright - but IAS event id > 2, reason code 16 (unknown username / password) are logged all the time, > even if the user/password combinations are 100% correct. > > The usernames are recognized - no matter whether entered as <username>, > <domain>\<username> or <username>@<domain> , and the policy is matched, > but the credentials are judged incorrect by IAS. > > What am I missing here? Do I have to flag the Message Authenticator, for > RADIUS? > >>> I followed the tutorial on > http://pfsense.loquefaltaba.com/tutorials/cp_config/radius_win2k3.htm > precisely, > but can't find any hints on authentication/encryption... > > Thank you for your help, > > Best regards, > Markus Strickler > > ------------------------------------------------------------------------ > _Legal Notice:_ > The information in this electronic transmission may contain confidential > or legally privileged information and is intended solely for the > individual(s) named above. If you are not an intended recipient or an > authorized agent, you are hereby notified that reading, distributing, or > otherwise disseminating, copying or taking any action based on the > contents of this transmission is strictly prohibited. Any unauthorized > interception of this transmission is illegal under law. If you have > received this transmission in error, please notify the sender by > telephone [at the number indicated above/on +41 44 928 0101] as soon as > possible and then destroy all copies of this transmission. > ------------------------------------------------------------------------ > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
