I gave up on the box I built and downloaded the VM image. I configured
and tested the Active Directory connection for Samba. I set up PF with
the configurator for option2 ARP. I added a test AP and configured it to
authorize through PF. If I try to connect with an XP workstation, I get
the identity mismatch from EAP. I get this error whether I use the
Windows credentials domain\user
rad_recv: Access-Request packet from host a.b.c.d port 1645, id=112, length=132
User-Name = "domain\\user"
Framed-MTU = 1400
Called-Station-Id = "0022.90b3.9501"
Calling-Station-Id = "0090.4b78.9270"
Service-Type = Login-User
Message-Authenticator = 0xcdf952bf1241e5ec93f0736e54d149d6
EAP-Message = 0x0202000b014f475c746f6d
NAS-Port-Type = Wireless-802.11
NAS-Port = 83777
NAS-Port-Id = "83777"
NAS-IP-Address = a.b.c.d
NAS-Identifier = "ap"
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 2 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Calling-Station-Id = 0090.4b78.9270
rlm_perl: Added pair Called-Station-Id = 0022.90b3.9501
rlm_perl: Added pair Message-Authenticator = 0xcdf952bf1241e5ecccf0736e54d149d6
rlm_perl: Added pair User-Name = domain\\user
rlm_perl: Added pair NAS-Identifier = ap
rlm_perl: Added pair EAP-Message = 0x0202000b014fdddc746f6d
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
rlm_perl: Added pair NAS-Port = 83777
rlm_perl: Added pair NAS-Port-Id = 83777
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Identity does not match User-Name, setting from EAP Identity.
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
If I go to manual login on the workstation and enter user@domain, the
EAP identity is okay. The only differences that I can see are the EAP
response length, and there is a GOT CLONE message for the user@domain.
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 2 length 17
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
GOT CLONE -1342070192 0xf476580
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
I have no realms defined, and the conf files are as vanilla as they
can be. I have tried nostrip in the proxy.conf and tried yes/no for
with_ntdomain_hack in the mschap module. Can someone please help me get
past this?
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
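
The "[eap] Identity does not match User-Name" line in the post compares the identity carried inside EAP-Message with the User-Name attribute. The following is an added example, not part of the original post and not FreeRADIUS or PacketFence code, that decodes an EAP-Response/Identity from the hex shown in a debug log so the two strings can be compared byte for byte. The function names and the sample packet are constructed for illustration; it assumes the debug log prints each backslash as `\\` and that EAP-Message arrives as a single unfragmented attribute.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1  # RFC 3748, section 5.1

# Constructed sample: EAP-Response/Identity, id 2, carrying "CORP\alice".
SAMPLE_EAP = "0x0202000f01434f52505c616c696365"

def parse_eap(hex_value):
    """Decode one EAP-Message value as printed in the debug log (0x...)."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field says {length}, got {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident,
           "length": length, "type": None, "data": b""}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type
        pkt["type"], pkt["data"] = raw[4], raw[5:]
    return pkt

def eap_identity(hex_value):
    """Return the identity string, or None if not a Response/Identity."""
    pkt = parse_eap(hex_value)
    if pkt["code"] != "Response" or pkt["type"] != EAP_TYPE_IDENTITY:
        return None
    return pkt["data"].decode("utf-8", errors="replace")

def unescape_debug(value):
    # Assumption: the debug log prints each backslash as "\\".
    return value.replace("\\\\", "\\")

def identity_matches(user_name_as_logged, eap_hex):
    """Compare the logged User-Name with the identity inside EAP-Message."""
    ident = eap_identity(eap_hex)
    return ident is not None and ident == unescape_debug(user_name_as_logged)

if __name__ == "__main__":
    print(parse_eap(SAMPLE_EAP))
    for name in (r"CORP\\alice", "alice@corp.example"):
        print(name, "->", identity_matches(name, SAMPLE_EAP))
```

The parsed length field can be checked against the "EAP packet type response id 2 length 11" line in the log: the header and type byte take 5 bytes, so the remainder is the identity string itself.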