PEAP EAP-TLS not replying with Access-Accept message

Ivan Kalik tnt at kalik.net
Fri May 22 22:14:22 CEST 2009


> I've been debugging this for a while and I still can't find a solution to
> the problems I'm having. I'm running freeradius in this pattern:
>
> Active Directory <-> MS-CHAP <-> Freeradius <-> Cisco Switch <-> Windows XP SP3
>
> I seem to be getting the error that is described here:
> http://wiki.freeradius.org/index.php/FAQ#PEAP_or_EAP-TLS_Doesn.27t_Work_with_a_Windows_machine
>

Not really.

...
> [mschap] Told to do MS-CHAPv2 for chris with NT-Password
> [mschap] No NT-Domain was found in the User-Name.
> 	expand: --domain=%{mschap:NT-Domain:-MYDOMAINHERE} ->
> --domain=MYDOMAINHERE
> 	expand: --username=%{mschap:User-Name:-None} -> --username=chris
> [mschap]  mschap2: 11
> 	expand: --challenge=%{mschap:Challenge:-00} ->
> --challenge=4e97ec9325450dea
> 	expand: --nt-response=%{mschap:NT-Response:-00} ->
> --nt-response=35b488c0131cea6672253fe5e9a3b8e54aacc0c341fae031
> Exec-Program output: NT_KEY: A09BCEDBCCD05FD0BEC38E5E663B2207
> Exec-Program-Wait: plaintext: NT_KEY: A09BCEDBCCD05FD0BEC38E5E663B2207
> Exec-Program: returned: 0
> ++[mschap] returns ok
> MSCHAP Success

You authenticate fine but then get stuck. This has been reported as a Samba
problem. You should try to downgrade Samba back to the stable version (if
I recall well 3.2 has the problem but 3.0 doesn't).

Ivan Kalik
Kalik Informatika ISP



