(starting a new thread, a continuation of my thread from last week...not
sure how far back anyone reads)

Trying to configure a wireless single sign on to edirectory for
wireless clients.
servers are all nw6.5 sp6/windows xp clients.

Installed freeradius on linux, (oes sp2, all updates installed via red
carpet), configured according to docs and tids. LDAP login to wlan
seems to work ok, as does tests with NTradPing. Logging in
"workstation only" works, and the wireless connects using the windows
Subsequent logins to edirectory fail, if the "use 802.1x..." checkbox
is checked, but work if that option isn't checked.

Turns out through freeradius debugging that the password entered into
the novell gina (4.91, sp4) is being passed to edirectory with the
first character changed to the letter "a". If it retries enough times
(and it seems inconsistant how many attempts it will make), the account
locks with "intruder detection".
radius debug screen shows the username, edirectory context, and
password...it comes through as "username/aassword" instead of

I created a test user with the password "aaaaa", and it logs in
perfectly, from the nwgina, "workstation only" un-checked...windows
comes up, authenticates to the wlan, and edirectory, login script
commences...just as advertised. As long as you have the letter "a" as
the first character of your password.

I'm at a loss as to where or how to proceed. Seems like it must be a
client bug, but I suppose it could be freeradius, too...although, the
other login modules all seem to work. (windows, wlan, both
authenticate fine).