Hi,

Is it fine to do some jugglery with the user-name and convert it to a format which can be proxied to the home server?

Thanks,
Chidanand

On Wed, Oct 20, 2010 at 4:52 PM, Chidanand Gangur <chidanand.gan...@gmail.com> wrote:

> Hi,
>
> I have the following setup
>
> where a Windows host is connected to a Cisco 2960 which is connected to Microsoft AD via a RADIUS proxy
>
> Windows host (XP SP3) -> Cisco 2960 -> freeRADIUS proxy (2.1.10) -> Microsoft AD (2003)
>
> In the above setup user authentication goes fine. I am using PEAP v1 authentication.
>
> I am struggling hard to make host authentication successful.
>
> When the machine boots I see a RADIUS Access-Request with User-Name = "host/radhost1.testad1.com" which qualifies as an IPASS type realm and searches for realm "host", and things do not work.
>
> Please point me to links/docs or give me a pointer on where/how to start.
>
> rad_recv: Access-Request packet from host 192.168.6.200 port 1645, id=141, length=165
>         User-Name = "host/radhost1.testad1.com"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         Called-Station-Id = "00-21-D7-00-51-89"
>         Calling-Station-Id = "00-13-20-38-33-27"
>         EAP-Message = 0x021a001e01686f73742f726164686f7374312e746573746164312e636f6d
>         Message-Authenticator = 0x2deded3294b409a59441b3e5777a9a87
>         NAS-Port-Type = Ethernet
>         NAS-Port = 50009
>         NAS-IP-Address = 192.168.6.200
> Wed Oct 20 07:27:48 2010 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> Wed Oct 20 07:27:48 2010 : Info: +- entering group authorize {...}
> Wed Oct 20 07:27:48 2010 : Info: ++[preprocess] returns ok
> Wed Oct 20 07:27:48 2010 : Info: ++[chap] returns noop
> Wed Oct 20 07:27:48 2010 : Info: ++[mschap] returns noop
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Looking up realm "host" for User-Name = "host/radhost1.testad1.com"
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Found realm "DEFAULT"
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Adding Stripped-User-Name = "radhost1.testad1.com"
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Adding Realm = "DEFAULT"
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Authentication realm is LOCAL.
> Wed Oct 20 07:27:48 2010 : Info: ++[IPASS] returns ok
> Wed Oct 20 07:27:48 2010 : Info: [suffix] Request already proxied. Ignoring.
> Wed Oct 20 07:27:48 2010 : Info: ++[suffix] returns ok
> Wed Oct 20 07:27:48 2010 : Info: [ntdomain] Request already proxied. Ignoring.
> Wed Oct 20 07:27:48 2010 : Info: ++[ntdomain] returns ok
> Wed Oct 20 07:27:48 2010 : Info: [realmpercent] Request already proxied. Ignoring.
> Wed Oct 20 07:27:48 2010 : Info: ++[realmpercent] returns ok
> Wed Oct 20 07:27:48 2010 : Info: [eap] EAP packet type response id 26 length 30
> Wed Oct 20 07:27:48 2010 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
> Wed Oct 20 07:27:48 2010 : Info: ++[eap] returns updated
> Wed Oct 20 07:27:48 2010 : Info: ++[unix] returns notfound
> Wed Oct 20 07:27:48 2010 : Info: ++[files] returns noop
> Wed Oct 20 07:27:48 2010 : Info: ++[expiration] returns noop
> Wed Oct 20 07:27:48 2010 : Info: ++[logintime] returns noop
> Wed Oct 20 07:27:48 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
> Wed Oct 20 07:27:48 2010 : Info: ++[pap] returns noop
> Wed Oct 20 07:27:48 2010 : Info: Found Auth-Type = EAP
> Wed Oct 20 07:27:48 2010 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> Wed Oct 20 07:27:48 2010 : Info: +- entering group authenticate {...}
> Wed Oct 20 07:27:48 2010 : Info: [eap] EAP Identity
> Wed Oct 20 07:27:48 2010 : Info: [eap] processing type md5
> Wed Oct 20 07:27:48 2010 : Debug: rlm_eap_md5: Issuing Challenge
> Wed Oct 20 07:27:48 2010 : Info: ++[eap] returns handled
> Sending Access-Challenge of id 141 to 192.168.6.200 port 1645
>         EAP-Message = 0x011b001604100675c546c11b2ad0f1a7341b757af909
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x6d4e1d1a6d5519217cdc7f95e535c25b
> Wed Oct 20 07:27:48 2010 : Info: Finished request 48.
> Wed Oct 20 07:27:48 2010 : Debug: Going to the next request
> Wed Oct 20 07:27:48 2010 : Debug: Waking up in 4.9 seconds.
>
>
> Thanks & Regards
>
> --
> Chidanand Gangur
> Pune.
>

--
Chidanand Gangur
Pune.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html