samba > 3.0.33

Casartello, Thomas tcasartello at wsc.ma.edu
Tue Jan 11 03:11:41 CET 2011


Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work properly in samba versions beyond 3.0.30? On samba 3.3.8 I still get the same type of error I'd get as if I didn't have the xpextensions on my cert (even though I do). No response to access-challenge. If I go back to 3.0.30 it immediately works... Starting to run into a problem because 3.0.30 won't work with 2008 R2 domain controllers. Again, my cert does have the xpextensions. And it does this to all clients, not just Microsoft. Here's the end of my debug:



[mschap]        expand: --username=%{mschap:User-Name:-None} -> --username=tomtom
[mschap]        expand: %{mschap:NT-Domain} -> ADS
[mschap]        expand: --domain=%{%{mschap:NT-Domain}:-ADS} -> --domain=ADS
[mschap]  mschap2: d3
[mschap] Creating challenge hash with username: tomtom
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ba19d84bdab789ef
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=27a757e4b32c51011216ac7fff78219563fc14af067f3d05
Exec-Program output: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F
Exec-Program-Wait: plaintext: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
        EAP-Message = 0x010c00331a030b002e533d33333133453034393739353130383137303633423342413033324339383343383832413937323736
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed
[peap] Got tunneled reply RADIUS code 11
        EAP-Message = 0x010c00331a030b002e533d33333133453034393739353130383137303633423342413033324339383343383832413937323736
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 17 to 172.20.4.253 port 32769
        EAP-Message = 0x010c005b19001703010050e5f53b91a3b5214c1a0f1ee21b46045f6992732a92d882e4359ed17b1dfffcb69d20d4645caa74a94ea448cd54c76c041c642d05801fa0a4f830247b30f9723884d6fbaa35f6b11398741f833bc68f08
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xedeb59b2eae740f09f949186981dc8bc
Finished request 10.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 3 ID 10 with timestamp +11
Cleaning up request 4 ID 11 with timestamp +11
Cleaning up request 5 ID 12 with timestamp +11
Cleaning up request 6 ID 13 with timestamp +11
Cleaning up request 7 ID 14 with timestamp +11
Cleaning up request 8 ID 15 with timestamp +11
Waking up in 0.1 seconds.
Cleaning up request 9 ID 16 with timestamp +11
Cleaning up request 10 ID 17 with timestamp +11
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xedeb59b2eae740f0 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!





Thomas E. Casartello, Jr.

Staff Assistant - Wireless/Linux Administrator

Information Technology

Wilson 105A

Westfield State College

(413) 572-8245



Red Hat Certified Technician (RHCT)

Cisco Certified Network Associate (CCNA)
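
The two EAP-Message values in the debug output above can be decoded to see what the server had produced when the session stalled. This is an added example, not part of the original post or of FreeRADIUS; the function name decode_eap is hypothetical, and the two hex strings are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {25: "PEAP", 26: "MS-CHAPv2"}
MSCHAP_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
               23: "application_data"}

# Copied from the EAP-Message lines in the debug output above.
INNER = ("0x010c00331a030b002e533d3333313345303439373935313038313730363342"
         "3342413033324339383343383832413937323736")
OUTER = ("0x010c005b19001703010050"
         "e5f53b91a3b5214c1a0f1ee21b46045f6992732a92d882e4359ed17b1dfffcb6"
         "9d20d4645caa74a94ea448cd54c76c041c642d05801fa0a4f830247b30f97238"
         "84d6fbaa35f6b11398741f833bc68f08")

def decode_eap(hexstr):
    """Decode one EAP-Message attribute value as printed in the debug log."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(raw) < 5:
        raise ValueError("too short for a typed EAP packet")
    code, ident, length, etype = struct.unpack("!BBHB", raw[:5])
    if length != len(raw):
        raise ValueError("EAP length %d but %d bytes present" % (length, len(raw)))
    out = {"code": EAP_CODES.get(code, code), "id": ident,
           "type": EAP_TYPES.get(etype, etype)}
    body = raw[5:]
    if etype == 26 and body:      # OpCode, MS-CHAPv2-ID, MS-Length, message
        out["opcode"] = MSCHAP_OPCODES.get(body[0], body[0])
        if len(body) >= 4:        # a bare Success/Failure response has no more
            ms_id, ms_len = struct.unpack("!BH", body[1:4])
            out.update(ms_id=ms_id,
                       message=body[4:ms_len].decode("ascii", "replace"))
    elif etype == 25 and body:    # PEAP: flags byte, then TLS record(s)
        off = 5 if body[0] & 0x80 else 1   # L bit: 4-byte TLS length follows
        out["flags"] = body[0]
        if len(body) >= off + 5:  # a PEAP ACK carries no TLS record
            ctype, major, minor, rec_len = struct.unpack("!BBBH", body[off:off + 5])
            out.update(tls_content=TLS_CONTENT.get(ctype, ctype),
                       tls_version=(major, minor), tls_record_len=rec_len)
    return out

if __name__ == "__main__":
    for name, value in (("inner tunnel", INNER), ("outer PEAP", OUTER)):
        print(name, decode_eap(value))
```

The inner packet decodes to an MS-CHAPv2 Success request carrying the "S=" authenticator response, and the outer packet is that request wrapped in a single TLS application-data record; this is the Access-Challenge the log reports as never finished.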


