You don't need users file if all user/pass information is stored in AD. Can you check if imported certificate is in "Trusted Root" and not some other certificate folder. I can't think of any other reason why the conversation wouldn't start with your network configuration.
Ivan Kalik Kalik Informatika ISP Dana 20/6/2007, "Bryant Marsh" <[EMAIL PROTECTED]> piše: > >Hi Ivan, > >There are Event log errors in Application and System. > >Event ID 1053 - Windows cannot determine the user or computer name. (). >Group Policy processing aborted. Or error: "The specified user does not >exist." > >Event ID 5719 - The system cannot log you on now because the domain "name" >is not available." > >This would be expected because port security is preventing traffic. Since >DOT1X is enabled on the Cisco switch port for the server, I need to >authenticate against the RADIUS server which is sending credentials to my AD >domain controller. >Both the server and the radius server are on the same switch, so there are >no firewall issues. The switch is an access switch uplinked to the core >switch where the DC is located. All servers are in the same VLAN. > >I cannot decipher the meaning of the debug negotiations that are happening, >but it looks like to me that there is some kind of default in the users file >for 255.255.255.254 that is not the IP address of the server in question. >Again, my question is if I need a USERS files, because I was reading that >this file is not required for AD. > >Here is my USERS file. > >http://www.nabble.com/file/p11222403/users users > >Thanks, >Bryant. > > > > >tnt wrote: >> >> OK. What does the Event Viewer on Win2K3 client say about failed login >> attempts. Has it recieved Access-Challenge packet? There might be a >> firewall problem. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> >> Dana 20/6/2007, "Bryant Marsh" <[EMAIL PROTECTED]> piĹĄe: >> >>> >>>Hi Ivan, >>> >>>Sorry I forgot to mention that I did import the cert-clt.p12 and >cacert.pem >>>to the local machine certificate store. >>> >>>I was reading a document that was saying that the USERS file is not >>>necessary for authenticating to Active Directory. Is that really true? >>> >>>Here are my config files. >>>http://www.nabble.com/file/p11217074/clients.conf clients.conf >>>http://www.nabble.com/file/p11217074/smb.conf smb.conf >>>http://www.nabble.com/file/p11217074/nsswitch.conf nsswitch.conf >>>http://www.nabble.com/file/p11217074/radiusd.conf radiusd.conf >>>http://www.nabble.com/file/p11217074/eap.conf eap.conf >>>http://www.nabble.com/file/p11217074/hosts hosts >>> >>>Thanks, >>>Bryant. >>> >>> >>>Yes. Certificates created with xpextensions will work with Win2K3 clients >>>as well. But you need to import CA certificate to the trusted >>>certificate store on Windows clients (XP and 2K3; Win 2K can't be used). >>> >>>Ivan Kalik >>>Kalik Informatika ISP >>> >>>-- >>>View this message in context: >http://www.nabble.com/Need-help-with-802.1X-authentication-to-Active-Directory-tf3925261.html#a11217074 >>>Sent from the FreeRadius - User mailing list archive at Nabble.com. >>> >>>- >>>List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html >>> >>> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > >-- >View this message in context: >http://www.nabble.com/Need-help-with-802.1X-authentication-to-Active-Directory-tf3925261.html#a11222403 >Sent from the FreeRadius - User mailing list archive at Nabble.com. > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
