PEAP - AD Disabled

Nathan McDavit-Van Fleet nmcdavit at alcor.concordia.ca
Fri Jun 25 16:00:13 CEST 2010


Isn't the same certificate used in the TLS tunnel for TTLS?

Anyhow, it appears to be something to do with the person who configured Samba.
They clustered the servers and the privileges changed in
/var/cache/samba/winbind_privileged. That directory has been one of the
biggest problems we've had so far.

Thanks,

Nathan Van Fleet
Telecommunications Analyst
Network Assessment and Integration
IITS Concordia University
(514) 848-2424 Extension:5434
 

> -----Original Message-----
> From: freeradius-users-
> bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+nmcdavit=alcor.concordia.ca at lists.freeradius.org] On Behalf Of
> Danner, Mearl
> Sent: Friday, June 25, 2010 9:34 AM
> To: FreeRadius users mailing list
> Subject: RE: PEAP - AD Disabled
> 
> Have you checked the certificate? That's one major difference. ntlm-
> auth is the auth after the cert conversation in PEAP is done.
> 
> Maybe a radiusd -X log to help us along?
> 
> 
> From: freeradius-users-
> bounces+jmdanner=samford.edu at lists.freeradius.org [mailto:freeradius-
> users-bounces+jmdanner=samford.edu at lists.freeradius.org] On Behalf Of
> Nathan McDavit-Van Fleet
> Sent: Friday, June 25, 2010 8:22 AM
> To: 'FreeRadius users mailing list'
> Subject: PEAP - AD Disabled
> 
> Okay,
> 
> I've had a working config with the following for the past month.
> 
> TTLS->LDAP
> PEAP->AD
> PEAP->Local Users File
> 
> After a month running everything perfectly, 3 days ago the "PEAP-AD"
> portion of the AAA failed. This is for wireless auth.
> 
> Strangely, I can still auth from the CLI using ntlm_auth and wbinfo. So
> it appears as if the Samba connection to the AD is fine. Nothing has
> changed config-wise between then and now, and I haven't found any
> interesting log information. You just get a "Login incorrect" when you
> try to log in via PEAP->AD. Everything else is verified as working.
> 
> Aside from Freeradius itself, what are the differences between using
> ntlm_auth via CLI and via Freeradius?
> 
> Nathan Van Fleet
> Telecommunications Analyst
> Network Assessment and Integration
> IITS Concordia University
> (514) 848-2424 Extension:5434
> 
> 