RE: help

Hi Alan,

Now everything works but the Active Directory authentication,Please see
the following output from "$ Radiusd -X" when a wireless client uses
"administrator" logon into the chillispot web logon page:


Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0,
length=223
User-Name = "administrator"
CHAP-Challenge = 0xa784482e8ac92fd573e87bbbad9ca58f
CHAP-Password = 0x00f54cc04e288eec67feff0b13e9448bd2
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.182.5
Calling-Station-Id = "00-16-6F-79-91-F4"
Called-Station-Id = "00-05-5D-9E-0F-94"
NAS-Identifier = "nas01"
Acct-Session-Id = "45aec9a900000000"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Message-Authenticator = 0x97668bae73249b0dd4755ab03d364f34
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "administrator", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched DEFAULT at 153
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: login attempt by "administrator" with CHAP password
rlm_chap: Could not find clear text password for user administrator
modcall[authenticate]: module "chap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32772, id=0,
length=223
Sending Access-Reject of id 0 to 127.0.0.1:32772
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 45aecedc
Nothing to do. Sleeping until we see a request.



-----Original Message-----
From: freeradius-users-bounces+j.wan=mbs.edu@lists.freeradius.org
[mailto:freeradius-users-bounces+j.wan=mbs.edu@lists.freeradius.org] On
Behalf Of John Wan
Sent: Friday, 5 January 2007 11:26 AM
To: FreeRadius users mailing list
Subject: RE: help

Hi Alan,

Many thanks for your help.

Now the kerberos service and the Samba service are running now, I have
followed your instructions on your webpage, but I still have experenced
the similar issue, please see the folloewing:

[root@sun ~]# net join -U Administrator
Administrator's password:
[2007/01/05 10:10:15, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password Administrator@MBUS.LOCAL failed: Cannot find
KDC for requested realm
[2007/01/05 10:10:15, 0] utils/net_ads.c:ads_startup(186)
ads_connect: Cannot find KDC for requested realm Joined domain MBUS.


[root@sun ~]# wbinfo -a administrator%password plaintext password
authentication failed Could not authenticate user administrator%password
with plaintext password could not obtain winbind separator!
could not obtain winbind domain name!
challenge/response password authentication failed Could not authenticate
user administrator with challenge/response

Would you please give me some hints so I could try it again. All I need
is to allow the freeradius server and Chillispot to hand over the
authentication (for wireless client) to the Win2k3 Active Directory. To
be able to achive that, I have to make sure the above two steps are
working (at moment they are not working).

Many thanks again in advance.

Regards

John







-----Original Message-----
From: freeradius-users-bounces+j.wan=mbs.edu@lists.freeradius.org
[mailto:freeradius-users-bounces+j.wan=mbs.edu@lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Thursday, 14 December 2006 12:20 PM
To: FreeRadius users mailing list
Subject: Re: help

John Wan wrote:

> Would you please give me some hints how to start the Kerberos server
> and how to solve the issue of
> "ads_connect: Invalid credentials".

Unfortunately, I'm not a kerberos or Samba expert. I know just enough
to follow the script. If it doesn't work, I suggest asking on the Samba
/ kerberos lists.

i.e. the people who wrote the software are the ones most likely to be
able to help you.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



--
__________________________________________________ ______________________
_______



Notice from Melbourne Business School Ltd


The information contained in this e-mail is confidential, and is
intended for the named person's use only. It may contain proprietary or
legally privileged information. If you have received this email in
error, please notify the sender and delete it immediately. You must
not, directly or indirectly, use, disclose, distribute, print, or copy
any part of this message if you are not the intended recipient

Internet communications are not secure. You should scan this message and
any attachments for viruses. Melbourne Business School does not accept
any liability for loss or damage which may result from receipt of this
message or any attachments.

__________________________________________________ ______________________
______






-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



--
__________________________________________________ _____________________________



Notice from Melbourne Business School Ltd


The information contained in this e-mail is confidential, and is intended for
the named person's use only. It may contain proprietary or legally privileged
information. If you have received this email in error, please notify the
sender and delete it immediately. You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this message if you are not
the intended recipient

Internet communications are not secure. You should scan this message and any
attachments for viruses. Melbourne Business School does not accept any
liability for loss or damage which may result from receipt of this message or
any attachments.

__________________________________________________ ____________________________






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html