Authenticating agains AD issues

Phil Mayers p.mayers at imperial.ac.uk
Thu Oct 28 17:19:52 CEST 2010


On 28/10/10 15:48, Johnson, Neil M wrote:
>
> I've been following the reciepe on the "Deploying RADIUS" web site, but
> I have been unable to get an iPhone or Laptop to authenticate to wireless.
>
> It appears from the log that ntlm_auth is behaving correctly but the the
> challenge continues.
>
> I'm running 2.1.9 on Fedora 12 using the demonstration certificates.
>
> Here is the last part of the log file:

Hmm. Since this happens inside the PEAP tunnel, I don't think it's the 
usual "bad certs" error. I suspect it's the "Buggy samba mis-calculating 
MS-CHAP response" issue. See here for the latest round of discussion:

http://freeradius.1045715.n5.nabble.com/which-samba-version-patch-for-Active-Directory-2008-td2837914.html

Samba 3.0.x is known to work, as is very recent 3.5 or 3.4 releases. For 
other versions, you may need the patch here:

https://bugzilla.samba.org/show_bug.cgi?id=7568



More information about the Freeradius-Users mailing list