Hello everyone, I recently changed the IP address of our RADIUS server and changed domain controllers for Windows Authentication. Besides that change, we decided to use LDAP instead of LDAPS on the new domain controller. I didn't think I would run into a problem with my test lab on the changes that were made. I'm stumped as to why the devices can no longer authenticate. Does anyone have any ideas, as I'm getting familiar with FreeRADIUS and Linux? I appreciate any input...
Below is an output of the debug:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.213.254 port 1645, id=13, length=85
        NAS-IP-Address = 192.168.213.254
        NAS-Port = 1
        NAS-Port-Type = Virtual
        User-Name = "edwinadmin"
        Calling-Station-Id = "192.168.213.207"
        User-Password = "Teddy133"
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "edwinadmin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "edwinadmin", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for edwinadmin
[ldap] expand: (&(objectCategory=user)(samaccountname=%{user-name})(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) -> (&(objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM))
[ldap] expand: dc=eidev,dc=com -> dc=eidev,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to eidev-dc6.eidev.com:389, authentication 0
rlm_ldap: bind as eidev\radius/N3tw0rkd3^ to eidev-dc6.eidev.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=eidev,dc=com, with filter (&(objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM))
rlm_ldap: ldap_search() failed: Operations error
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [edwinadmin] (from client EIDEV LAB port 1 cli 192.168.213.207)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> edwinadmin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 13 to 192.168.213.254 port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 13 with timestamp +50
Ready to process requests.
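Added example, not part of the original post and not FreeRADIUS project code: debug output in this format carries the user's password and the LDAP bind password in clear text, so this sketch redacts both before the log is shared and reports the first module that failed along with the error lines that preceded it. The function names (`redact`, `triage`) are hypothetical, and the sample log is constructed with placeholder hosts, accounts and secrets.

```python
import re

# Constructed sample in the same debug format as the post above;
# hosts, account names and secrets are placeholders, not real values.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.0.2.10 port 1645, id=13, length=85
  User-Name = "testuser"
  User-Password = "PLACEHOLDER-USER-PW"
+- entering group authorize {...}
++[preprocess] returns ok
++[files] returns noop
[ldap] performing user authorization for testuser
rlm_ldap: bind as EXAMPLE\\svc-radius/PLACEHOLDER-BIND-PW to dc.example.test:389
rlm_ldap: Bind was successful
rlm_ldap: ldap_search() failed: Operations error
[ldap] search failed
++[ldap] returns fail
Sending Access-Reject of id 13 to 192.0.2.10 port 1645
"""

MODULE_RET = re.compile(r"^\++\[(?P<module>[\w.]+)\] returns (?P<rcode>\w+)")
PASSWORD_ATTR = re.compile(r'(User-Password = )"[^"]*"')
# "bind as <identity>/<password> to <host:port>": keep identity and target only.
BIND_LINE = re.compile(r"(rlm_ldap: bind as [^/]+/).*( to \S+)$")

def redact(line):
    """Mask the two places this debug format prints secrets."""
    line = PASSWORD_ATTR.sub(r'\1"<redacted>"', line)
    return BIND_LINE.sub(r"\1<redacted>\2", line)

def triage(debug_text):
    """Return (redacted_lines, module_results, first_failure_or_None)."""
    redacted, results, errors, failure = [], [], [], None
    for raw in debug_text.splitlines():
        line = redact(raw.strip())
        redacted.append(line)
        # Module diagnostics such as "rlm_ldap: ldap_search() failed: ..."
        if "failed" in line and line.startswith(("rlm_", "[")):
            errors.append(line)
        m = MODULE_RET.match(line)
        if m:
            results.append((m["module"], m["rcode"]))
            if failure is None and m["rcode"] in ("fail", "reject", "invalid"):
                failure = {"module": m["module"], "rcode": m["rcode"],
                           "errors": list(errors)}
    return redacted, results, failure

if __name__ == "__main__":
    lines, results, failure = triage(SAMPLE)
    print("\n".join(lines), results, failure, sep="\n")
```
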