RADIUS authentication error

I’m testing UCS 5.0-5 errata804, wanting to use it to replace a Zentyal domain controller.

I joined the UCS to the domain and all users are synced. I can log in to the Univention Portal and ssh using my domain username and password.
Following this guide I added my access point (Cisco switch) to the configuration.

However, at this point I can’t get Radius to authenticate any users.

I tried:
local

radtest -x -t mschap username passwd localhost 0 testing123

and remote authentication from the switch, all fail.

This is what I get from the radtest:

Received Access-Reject Id 38 from 127.0.0.1:1812 to 127.0.0.1:59599 length 61
MS-CHAP-Error = "\000E=691 R=1 C=2b32fc81a093b862 V=2"
(0) -: Expected Access-Accept got Access-Reject

while in log:

Mon Sep 18 15:30:38 2023 : Info: rlm_ldap (ldap): Closing connection (8): Hit idle_timeout, was idle for 904 seconds
Mon Sep 18 15:30:38 2023 : Info: rlm_ldap (ldap): Closing connection (7): Hit idle_timeout, was idle for 895 seconds
Mon Sep 18 15:30:38 2023 : Info: rlm_ldap (ldap): Closing connection (9): Hit idle_timeout, was idle for 895 seconds
Mon Sep 18 15:30:38 2023 : Info: rlm_ldap (ldap): Opening additional connection (10), 1 of 32 pending slots used
Mon Sep 18 15:30:38 2023 : Info: Need 2 more connections to reach min connections (3)
Mon Sep 18 15:30:38 2023 : Info: rlm_ldap (ldap): Opening additional connection (11), 1 of 31 pending slots used
Mon Sep 18 15:30:38 2023 : ERROR: (3) mschap: ERROR: Program returned code (1) and output ''
Mon Sep 18 15:30:38 2023 : Auth: (3) Login incorrect (mschap: Program returned code (1) and output ''): [username/] (from client localhost port 1812)

My Zentyal domain controller does not appear in the computer list so I can’t select it as the “Radius Authenticator”.

Could it be that all issues are caused by UCS not being able to forward auth requests to the DC? Should that go away once I migrate the domain to UCS with domain takeover?
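
For reading the radtest output quoted above, here is an added example (not part of the original post, and not Univention or FreeRADIUS code) that decodes the MS-CHAP-Error string using the field layout from RFC 2548 and the failure codes from RFC 2433/2759. The function name `parse_mschap_error` is an assumption made for this example.

```python
import re

# Failure codes defined for MS-CHAP (RFC 2433) and MS-CHAPv2 (RFC 2759).
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

# The line radtest printed in the post above (straight quotes).
SAMPLE = r'MS-CHAP-Error = "\000E=691 R=1 C=2b32fc81a093b862 V=2"'


def parse_mschap_error(line):
    """Decode an MS-CHAP-Error attribute as printed by radtest."""
    # Drop the attribute name and any straight or typographic quotes.
    value = re.sub(r"^\s*MS-CHAP-Error\s*=\s*", "", line).strip()
    value = value.strip('"\u201c\u201d')
    # RFC 2548: the first octet is the Ident, shown as an octal escape.
    ident = None
    m = re.match(r"\\(\d{3})", value)
    if m:
        ident = int(m.group(1), 8)
        value = value[m.end():]
    # An optional human-readable message follows "M=" and may contain spaces.
    value, _, message = value.partition(" M=")
    fields = dict(re.findall(r"(?:^|\s)([ERCV])=([0-9A-Fa-f]+)", value))
    if "E" not in fields:
        raise ValueError("no E= field in MS-CHAP-Error value")
    code = int(fields["E"])
    return {
        "ident": ident,
        "code": code,
        "name": MSCHAP_ERRORS.get(code, "unknown"),
        "retry_allowed": fields.get("R") == "1",
        "challenge": bytes.fromhex(fields["C"]) if "C" in fields else None,
        "version": int(fields["V"]) if "V" in fields else None,
        "message": message or None,
    }


if __name__ == "__main__":
    for key, val in parse_mschap_error(SAMPLE).items():
        print(f"{key:14} {val}")
```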
