Help with machine authentication
Eldred, Bob
Bob.Eldred at iberdrolaren.com
Tue Apr 26 19:45:12 CEST 2011
> Once you've done it once, you can export it as a "netsh" XML
> profile, then re-import it on other machines. Or use group
> policy on domain members.
Group policy is the plan.
> %{mschap:NT-Domain} will expand the above to "ppmenergy". So,
> if the short-form (NT4-style name) of your AD realm is
> "ppmenergy" that'll be fine.
Perfect, thanks.
> > Sending Access-Challenge of id 219 to 10.56.160.5 port 32768
> > EAP-Message = 0x010700061900
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0x1c7725f518703c6d6a5dce719626f316
> > Finished request 14.
> > Going to the next request
> > Waking up in 4.9 seconds.
>
> ...and.... what happens next? This is just a single request. EAP
> authentication involves lots of pairs of request/challenge, with a
> final request/accept or request/reject.
>
> I am going to take a wild guess - you are using "ntlm_auth" and you
> need to edit the command line in raddb/modules/mschap to read:
>
> ntlm_auth = ".... --username=%{mschap:User-Name} ..."
>
> If not, please show the full authentication attempt so we can see
> where it fails.
Well.... The issue turned out to be client-side. The root certificate
had not imported successfully. Once I fixed that, it all automagically
worked. Thank you very much for your response.
Bob
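
The EAP-Message value in the debug excerpt quoted in this message can be decoded to see how far the exchange got. This is an added example, not part of the original thread and not FreeRADIUS code; the function names `decode_eap` and `summarize` are hypothetical, and `SAMPLE` is the excerpt copied from the message.

```python
import re

# EAP codes (RFC 3748) and a few method type numbers from the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS",
             25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}   # methods whose first data byte is a TLS flags field

# Debug excerpt copied from the message above.
SAMPLE = """\
Sending Access-Challenge of id 219 to 10.56.160.5 port 32768
EAP-Message = 0x010700061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1c7725f518703c6d6a5dce719626f316
Finished request 14.
"""

def decode_eap(hex_value):
    """Decode one EAP-Message value as printed in the server's debug output."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.lower().startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    # An EAP packet longer than one RADIUS attribute is split across several
    # EAP-Message attributes, so "complete" is False for such a fragment.
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
           "length": length, "complete": length == len(raw)}
    if code in (1, 2) and len(raw) >= 5:          # Request/Response carry a type
        etype = raw[4]
        pkt["type"] = EAP_TYPES.get(etype, f"type {etype}")
        if etype in TLS_BASED and len(raw) >= 6:
            flags = raw[5]
            pkt["flags"] = [name for bit, name in
                            ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit]
            pkt["payload_bytes"] = len(raw) - 6   # bytes after the flags byte
    return pkt

def summarize(debug_text):
    """Report where the EAP conversation in a debug excerpt stands."""
    pkts = [decode_eap(v) for v in
            re.findall(r"EAP-Message = (0x[0-9a-fA-F]+)", debug_text)]
    if not pkts:
        return "no EAP-Message found"
    last = pkts[-1]
    if last["code"] in ("Success", "Failure"):
        return f"ended with EAP-{last['code']}"
    return (f"open: last packet is {last['code']} id={last['id']} "
            f"({last.get('type', 'no type')}), no Success/Failure yet")

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the excerpt in this thread it reports an open PEAP Request with id 7 and no payload after the flags byte, so the log ends mid-exchange rather than at an accept or reject.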