Hi Ivan, There are Event log errors in Application and System.
Event ID 1053 - Windows cannot determine the user or computer name. (). Group Policy processing aborted. Or error: "The specified user does not exist." Event ID 5719 - The system cannot log you on now because the domain "name" is not available." This would be expected because port security is preventing traffic. Since DOT1X is enabled on the Cisco switch port for the server, I need to authenticate against the RADIUS server which is sending credentials to my AD domain controller. Both the server and the radius server are on the same switch, so there are no firewall issues. The switch is an access switch uplinked to the core switch where the DC is located. All servers are in the same VLAN. I cannot decipher the meaning of the debug negotiations that are happening, but it looks like to me that there is some kind of default in the users file for 255.255.255.254 that is not the IP address of the server in question. Again, my question is if I need a USERS files, because I was reading that this file is not required for AD. Here is my USERS file. http://www.nabble.com/file/p11222403/users users Thanks, Bryant. tnt wrote: > > OK. What does the Event Viewer on Win2K3 client say about failed login > attempts. Has it recieved Access-Challenge packet? There might be a > firewall problem. > > Ivan Kalik > Kalik Informatika ISP > > > Dana 20/6/2007, "Bryant Marsh" <[EMAIL PROTECTED]> piše: > >> >>Hi Ivan, >> >>Sorry I forgot to mention that I did import the cert-clt.p12 and cacert.pem >>to the local machine certificate store. >> >>I was reading a document that was saying that the USERS file is not >>necessary for authenticating to Active Directory. Is that really true? >> >>Here are my config files. >>http://www.nabble.com/file/p11217074/clients.conf clients.conf >>http://www.nabble.com/file/p11217074/smb.conf smb.conf >>http://www.nabble.com/file/p11217074/nsswitch.conf nsswitch.conf >>http://www.nabble.com/file/p11217074/radiusd.conf radiusd.conf >>http://www.nabble.com/file/p11217074/eap.conf eap.conf >>http://www.nabble.com/file/p11217074/hosts hosts >> >>Thanks, >>Bryant. >> >> >>Yes. Certificates created with xpextensions will work with Win2K3 clients >>as well. But you need to import CA certificate to the trusted >>certificate store on Windows clients (XP and 2K3; Win 2K can't be used). >> >>Ivan Kalik >>Kalik Informatika ISP >> >>-- >>View this message in context: http://www.nabble.com/Need-help-with-802.1X-authentication-to-Active-Directory-tf3925261.html#a11217074 >>Sent from the FreeRadius - User mailing list archive at Nabble.com. >> >>- >>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >> >> > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Need-help-with-802.1X-authentication-to-Active-Directory-tf3925261.html#a11222403 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
