OK, 1st off here is the document I have been following:
http://www.swami.se/swami/space/Categories/EduRoam/Workshop+about+eduroam+implementation/freeRadius_AD_tutorial.pdf

I have managed to get all tests and commands working except for radtest (which I found out via google) and having an xpro client login via wireless (as per the guide).

Sorry about only posting the debug info from the wireless session and only the results from radtest; as I said earlier, I will retest tomorrow and repost correctly.

I definitely need to find out what is mangling the user name. The document also mentions something about it (which I did follow).

"
Make sure that the following lines are uncommented and that the value is
the same as indicated here.
authtype = MS-CHAP
with_ntdomain_hack = yes
Ntdomain_hack is necessary to correct an error due to the
challenge/response and the format in which the user information is sent.
"

I just re-read the erd.conf I included, all seems fine (but don't take my word on that). The only bit I'm curious about is:

"
# This module is the *Microsoft* implementation of MS-CHAPv2
# in EAP. There is another (incompatible) implementation
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
# currently support.
#
mschapv2 {
}
}
"

It's inside the peap { brackets. Should mschapv2 brackets have any configuration options?

I've been doing some more looking @ the config files (I can only read the attached ones atm).

Thanks again for the help :)

On 4/12/07, Jacob Jarick <[EMAIL PROTECTED]> wrote:
> Thanks for your prompt reply Alan,
> My 1st post so forgive the omission, I will clear the logs then post
> radtest and the log info tomorrow once at work.
>
> On 4/12/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Jacob Jarick wrote:
> > > Hi I have recently setup freeradius on fedora 6 and I need it to
> > > authenticate against windows ADS. Currently the requests come through
> > > the AP but are rejected by freeradius.
> >
> > The reason is in the logs.
> >
> > > [EMAIL PROTECTED] raddb]# radtest Administrator tfxsol 127.0.0.1:1812 10
> > > testing123
> > > Sending Access-Request of id 40 to 127.0.0.1 port 1812
> > >     User-Name = "Administrator"
> > >     User-Password = "tfxsol"
> > >     NAS-IP-Address = 255.255.255.255
> > >     NAS-Port = 10
> > > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=40, length=20
> >
> > Unfortunately, you've showed radtest giving a reject, but have NOT
> > shown the corresponding debugging output from radtest. Instead, the
> > debugging output is from a login via the AP:
> > ...
> > > rad_recv: Access-Request packet from host 10.1.1.110:1645, id=117,
> > > length=164
> > >     User-Name = "TFXSCHOOL\\Administrator"
> >
> > Which is not the "radtest" packet you quoted above.
> >
> > > rlm_eap: Identity does not match User-Name, setting from EAP Identity.
> > > rlm_eap: Failed in handler
> >
> > Read "eap.conf". Also, see which module is mangling the User-Name
> > attribute.
> >
> > Alan DeKok.
> > --
> > http://deployingradius.com - The web site of the book
> > http://deployingradius.com/blog/ - The blog
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
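
Added example (not part of the original thread, and not FreeRADIUS code): why the with_ntdomain_hack setting quoted from the tutorial above matters for a User-Name such as "TFXSCHOOL\\Administrator". It computes the MS-CHAPv2 challenge hash defined in RFC 2759 over the user name with and without the domain prefix. The challenge bytes are constructed, strip_nt_domain() is a simplified stand-in for the server-side behaviour, and the client hashing only the user portion is an assumption taken from the tutorial's note.

```python
import hashlib


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 octets of
    SHA1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def strip_nt_domain(user_name: str) -> str:
    """Simplified stand-in for the ntdomain hack: DOMAIN\\user -> user."""
    _domain, sep, user = user_name.partition("\\")
    return user if sep else user_name


def server_challenge_hash(peer: bytes, auth: bytes, radius_user_name: str,
                          with_ntdomain_hack: bool) -> bytes:
    """Challenge hash the server would use to check the NT response."""
    name = strip_nt_domain(radius_user_name) if with_ntdomain_hack else radius_user_name
    return challenge_hash(peer, auth, name)


# Constructed sample challenges (not captured from any real session).
PEER = bytes(range(16))
AUTH = bytes(range(16, 32))
# User-Name as the AP sent it in the thread (one literal backslash).
RADIUS_USER_NAME = "TFXSCHOOL\\Administrator"


def demo() -> dict:
    # Assumption: the client hashed only the user portion of the name.
    client = challenge_hash(PEER, AUTH, "Administrator")
    return {
        "hack_off": server_challenge_hash(PEER, AUTH, RADIUS_USER_NAME, False) == client,
        "hack_on": server_challenge_hash(PEER, AUTH, RADIUS_USER_NAME, True) == client,
    }


if __name__ == "__main__":
    # A mismatched challenge hash means the expected NT response differs
    # from what the client sent, so a correct password is still rejected.
    for setting, matches in demo().items():
        print(f"{setting}: server hash matches client hash = {matches}")
```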