FW: Problem with PEAP MS-ChapV2 against AD

Robert Graham rgraham at mem-ins.com
Sat Jan 15 00:18:56 CET 2011


Alan,

Thanks for the tips.  I followed everything, PAP worked fine, but I still
had problems with EAP even when using the certificates from the Radius
distro.  The part that didn't make a lot of sense to me was that it would go
through the whole process, and MSCHAP showed success:

[mschap] Creating challenge hash with username: test1
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=101d5affa80deb2a
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=2ff233ba94c6cc0ff8b204e09e8217c1f93dd23f6a175caa
Exec-Program output: NT_KEY: D17434B7303CD6FA2ABE17CDB536D69D
Exec-Program-Wait: plaintext: NT_KEY: D17434B7303CD6FA2ABE17CDB536D69D
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success

But after that came [peap] Got tunneled reply code 11.  Some searches on
Google indicated that I might be facing a Samba bug.  After updating to the
latest release 3.5.6 and adding winbind:forcesamlogon to the smb.conf file,
it started working.

Now I am off to add LDAP for group membership and configure dynamic
VLANs and ACLs.

-Robert


