Windows XP hangs forever during PEAP auth on freeradius withwinbind/AD backend

Mike Loosbrock m-loosbrock at bethel.edu
Wed Apr 8 17:07:57 CEST 2009


On Apr 6, 2009, at 3:49 PM, john wrote:

> On Sat, Apr 4, 2009 at 1:16 AM,  <A.L.M.Buxey at lboro.ac.uk> wrote:
>>
>>
>>> The howto you sent me says "If all goes well, you should see
>>> authentication succeeding (NT_STATUS_OK). You should also see the
>>> NT_KEY output, which is needed in order for FreeRADIUS to perform
>>> MS-CHAP authentication." I (0x0) the output being referred to or is
>>> something missing here?
>>
>> what version of samba are you running? what distro are you running?
>>
>> alan
>
> Samba/winbind version 2:32.5-4 on Debian Lenny (stable).


We run Debian, and we currently have our samba packages pinned at  
version 2:3.0.30-3 due to this issue:

http://lists.freeradius.org/pipermail/freeradius-users/2009-February/msg00289.html

See the Debain APT manual for information on package pinning.

That said, your debug output (if that was all of it) didn't seem to  
suggest you're running into this particular issue just yet. I say that  
because your EAP exchange never progresses to the point where  
ntlm_auth is executed by FreeRADIUS. Things seem to be hanging right  
after the outer TLS tunnel is established, which may point to a  
certificate problem. Are you sure your server certificate is OK?

Mike Loosbrock
Bethel University Network Services
651-638-6723




More information about the Freeradius-Users mailing list