Problem authenticating WLAN users on Active Directory

Home Page Forums Network Management ZeroShell Problem authenticating WLAN users on Active Directory

This topic contains 0 replies, has 0 voices, and was last updated by  tihovsky 10 years, 11 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #41217

    tihovsky
    Member

    Hi all,

    I have problem trying to get WLAN users connecting to Radius-enabled Access Point to authenticate to Active Directory using ZeroShell.

    WLAN router is Linksys WRT54GL with standard version of dd-wrt v.24 SP1, zeroshell is version 1.0.0. beta 10, AD is version 2003.

    When connection attempted using domain authentication Radius log on zeroshell says the following:

    02:00:15 rlm_eap_mschapv2: Issuing Challenge
    02:00:15 Login incorrect (rlm_ldap: User not found): [userxxx@XXX.COM] (from client localhost port 0)
    02:00:15 Login incorrect (rlm_ldap: User not found): [userxxx@XXX.COM] (from client XXXAccessPoint port 31 cli 0013ce9a9e1b)

    On the AD event viewer I don’t see any authentication being attempted at a time, though boxes are connected fine.

    When I try same thing with user manually created on ZeroShell under EXAMPLE.COM realm it works perfectly. Authenticated users in that case access WLAN normally. Here is the log for that case:

    02:11:00 rlm_eap_mschapv2: Issuing Challenge
    02:11:01 Login OK: [userxxx@EXAMPLE.COM] (from client localhost port 0)
    02:11:01 Login OK: [userxxxi@EXAMPLE.COM] (from client XXXAccessPoint port 31 cli 0013ce9a9e1b)

    So I believe setup of WLAN AP -> ZeroShell is fine but it is something between ZeroShell -> Active Directory that is the problem.

    Here is in brief ZeroShell setup:
    Radius is activated with new X.509 certificate created for the host.
    Same-named Kerberos 5 Realm is defined for domain XXX.COM and it is pointing to the IP address of our nearest domain controller for XXX.COM.
    Keys for both (example.com and xxx.com) are imported into XP WLAN settings, auth set to WPA2/AES/PEAP/MS-CHAP-V2.

    Another question is related to the same.
    Logging in with userxxx@EXAMPLE.COM works fine as described above,
    but if I try to put EXAMPLE.COM under DOMAIN box in authentication window it will not accept it.
    Would checking “No Stripe” option in this case help to have normal behavior of Windows domain login window?

    Thanks,
    Tihovsky

    #46982

    tihovsky
    Member

    I just realized I might have done something bad from beginning since I used
    ZeroShell-1.0.beta10.iso to boot up system and then
    ZeroShell-1.0.beta10-CompactFlash-IDE-USB-SATA-1GB.img.gz
    to build zeroshell system database for testing.

    Thus I never got asked all initial details and this is why I still have realm EXAMPLE.COM in the system. Could this be influencing above behavior?

    Thanks,
    Tihovsky

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.