<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div>ah okay! lol<br><br>> "f you want to authenticate PEAP users via SQL (which you seem<br>> to be saying), then don't configure the mschap module to use ntlm_auth."<br><br>my mistake: i didn't know...<br><br>back to Users based on AD.<br><br>username=glouglou<br>passwd=glouglou<br>domain=PLUTON<br>---------------------------------------------------------------------------------------------------<br>aaa:~ # ntlm_auth --username=glouglou --request-nt-key --domain=PLUTON<br>password:<br>NT_STATUS_OK: Success (0x0)<br>aaa:~ # <br>---------------------------------------------------------------------------------------------------<br><br>in etc/raddb/module/mschap, i have
this for ntlm_auth:<br><br>---------------------<br>mschap {<br> use_mppe = yes<br> #require_encryption = yes<br> #require_strong = yes<br> with_ntdomain_hack = yes<br><br> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<br><br> #ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<br>}<br>---------------------<br><br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><div style="font-family: arial,helvetica,sans-serif; font-size: 13px;">----- Message d'origine ----<br>De : Alan DeKok <aland@deployingradius.com><br>À : FreeRadius users mailing list
<freeradius-users@lists.freeradius.org><br>Envoyé le : Samedi, 19 Juillet 2008, 18h07mn 43s<br>Objet : Re: Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?<br><br>Reveal MAP wrote:<br>> user=maman<br>> passwd= maman<br>> is a sql based user.<br>> <br>> trying peap with sql based user give error message,<br><br> Which... is what? Is it a secret?<br><br>> but trying it with<br>> Ad_based user give no error message, just don't connect...<br><br> FreeRADIUS gives no error message? Or the client? Are you trying to<br>debug the FreeRADIUS configuration by looking at the login screen on the<br> client machine?<br><br>> with radtest:<br><br> Which sends a PAP request. Which doesn't use the MS-CHAP module.<br>Which doesn't go to AD.<br><br>> same credential with my Access-Point (part of output).<br>>
---------------------------------------------------------------------------------------------<br>> <br>> rlm_eap: Request found, released from the list<br>> rlm_eap: EAP/mschapv2<br><br> Which is using MS-CHAP. Which then uses the MS-CHAP module. Which<br>*you* have configured to ask AD.<br><br>> Exec-Program output: Logon failure (0xc000006d)<br><br> So... fix that. Run ntlm_auth from the command line until it works.<br>Then use the same password to log in via PEAP.<br><br> Or... if you want to authenticate PEAP users via SQL (which you seem<br>to be saying), then don't configure the mschap module to use ntlm_auth.<br><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></div></div></div><br>
<hr size="1">
Envoyé avec <a href="http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html">Yahoo! Mail</a>.<br>Une boite mail plus intelligente. </a></body></html>