eduroam PEAP + TTLS

Jean-Philippe Ghibaudo legdf at hotmail.com
Mon Jun 21 17:35:57 CEST 2010 

Thank you so much, you were right, once more as it seems, I've just downgraded samba to native version (3.2.5) on my Debian Lenny and it works !
I had'nt managed to have samba 3.2.5 working the first time so I have tried 3.5.3 but with the same .conf, it works perfectly.

> Date: Mon, 21 Jun 2010 16:46:05 +0200
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: eduroam PEAP + TTLS
> 
> Jean-Philippe Ghibaudo wrote:
> > I need to have EAP-TTLS working with LDAP bind and PEAP-MSCHAPV2 with
> > Samba + Winbind + Active Directory.
> 
>   That should be possible.  Follow the guides, and it should work.
> 
> > I've got winbind very unstable... I can successfully authenticate using
> > eapol_test but a few minutes later, I've got a
> > MPPE keys mismatch. If I restart winbind, I can authenticate few times
> > and then, it stops working.
> 
>   That sounds like a Samba problem.  See
> 
> https://bugzilla.samba.org/show_bug.cgi?id=6563
> 
> > I'm not really sure to understand how I have to set "Auth-Type" in
> > inner-tunnel and/or default (sites-enabled).
> 
>   Don't.  Leave the defaults alone.  Only make the changes which are
> recommended by the guides (e.g. deployingradius.com)
> 
> > I've got :
> ...
> > in the authenticate section. I've got mschap then ldap in authorize section.
> > 
> > Is there a mistake here ?
> 
>   No.
> 
> > This is the end of the output of eapol_test for PEAP when it fails :
> ..
> > EAP-MSCHAPV2: Invalid authenticator response in success request
> 
>   It looks like that Samba bug.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 		 	   		  
_________________________________________________________________
Hotmail : Simple et Efficace qui vous facilite la vie… Découvrez la NOW génération !
http://www.windowslive.fr/hotmail/nowgeneration/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100621/9962a68e/attachment.html>

More information about the Freeradius-Users mailing list