<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Baskerville Old Face";
panose-1:2 2 6 2 8 5 5 2 3 3;}
@font-face
{font-family:"Edwardian Script ITC";
panose-1:3 3 3 2 4 7 7 13 8 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Did you enable the “WITH NT DOMAIN HACK” in your MSCHAP module?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:24.0pt;font-family:"Edwardian Script ITC";color:#1F497D'>Jake Sallee<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";color:#1F497D'>Godfather Of Bandwidth<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";color:#1F497D'>Network Engineer<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";color:#1F497D'>Fone: 254-295-4658<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";color:#1F497D'>Phax: 254-295-4221<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";color:#1F497D'><o:p> </o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org] <b>On Behalf Of </b>Johnson, Neil M<br><b>Sent:</b> Thursday, October 28, 2010 9:48 AM<br><b>To:</b> freeradius-users@lists.freeradius.org<br><b>Subject:</b> Authenticating agains AD issues<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>I've been following the reciepe on the "Deploying RADIUS" web site, but I have been unable to get an iPhone or Laptop to authenticate to wireless.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>It appears from the log that ntlm_auth is behaving correctly but the the challenge continues.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I'm running 2.1.9 on Fedora 12 using the demonstration certificates.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Here is the last part of the log file:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks in advance.<o:p></o:p></p></div><div><p class=MsoNormal>-Neil<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal>[eap] Request found, released from the list<o:p></o:p></p></div><div><p class=MsoNormal>[eap] EAP/mschapv2<o:p></o:p></p></div><div><p class=MsoNormal>[eap] processing type mschapv2<o:p></o:p></p></div><div><p class=MsoNormal>[mschapv2] +- entering group MS-CHAP {...}<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] Told to do MS-CHAPv2 for nmjoo with NT-Password<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] expand: %{Stripped-User-Name} -> <o:p></o:p></p></div><div><p class=MsoNormal>[mschap] ... expanding second conditional<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] expand: %{User-Name:-None} -> IOWA\nmjoo<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=IOWA\nmjoo<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] mschap2: 5e<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=13fe382b60e3bba9<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=24bf15cdc812e5f7fb9723f21143bb775b24a1914870caf0<o:p></o:p></p></div><div><p class=MsoNormal>Exec-Program output: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38 <o:p></o:p></p></div><div><p class=MsoNormal>Exec-Program-Wait: plaintext: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38 <o:p></o:p></p></div><div><p class=MsoNormal>Exec-Program: returned: 0<o:p></o:p></p></div><div><p class=MsoNormal>[mschap] adding MS-CHAPv2 MPPE keys<o:p></o:p></p></div><div><p class=MsoNormal>++[mschap] returns ok<o:p></o:p></p></div><div><p class=MsoNormal>MSCHAP Success <o:p></o:p></p></div><div><p class=MsoNormal>++[eap] returns handled<o:p></o:p></p></div><div><p class=MsoNormal>} # server inner-tunnel<o:p></o:p></p></div><div><p class=MsoNormal>[peap] Got tunneled reply code 11<o:p></o:p></p></div><div><p class=MsoNormal> EAP-Message = 0x010a00331a0309002e533d36463744463330464436383432423542423738463736454339423230454534453639434431463338<o:p></o:p></p></div><div><p class=MsoNormal> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></p></div><div><p class=MsoNormal> State = 0x9b59f55f9a53ef43871eb82ef0802a05<o:p></o:p></p></div><div><p class=MsoNormal>[peap] Got tunneled reply RADIUS code 11<o:p></o:p></p></div><div><p class=MsoNormal> EAP-Message = 0x010a00331a0309002e533d36463744463330464436383432423542423738463736454339423230454534453639434431463338<o:p></o:p></p></div><div><p class=MsoNormal> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></p></div><div><p class=MsoNormal> State = 0x9b59f55f9a53ef43871eb82ef0802a05<o:p></o:p></p></div><div><p class=MsoNormal>[peap] Got tunneled Access-Challenge<o:p></o:p></p></div><div><p class=MsoNormal>++[eap] returns handled<o:p></o:p></p></div><div><p class=MsoNormal>Sending Access-Challenge of id 112 to 128.255.11.74 port 32768<o:p></o:p></p></div><div><p class=MsoNormal> EAP-Message = 0x010a005b19001703010050f59dec82774ce4b8dc5bb542e29881b2cb321a7136c39e4f1a498708fa2515da475f29ec726bd310dd96ab7ae6de4a85f079285567b375a7fa02d137f9d0d2adcf75dc887c91c50a41e041c13b370882<o:p></o:p></p></div><div><p class=MsoNormal> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></p></div><div><p class=MsoNormal> State = 0xa489d972ac83c05d8d6d2302f3fa3977<o:p></o:p></p></div><div><p class=MsoNormal>Finished request 17.<o:p></o:p></p></div><div><p class=MsoNormal>Going to the next request<o:p></o:p></p></div><div><p class=MsoNormal>Waking up in 3.2 seconds.<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 0 ID 95 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 1 ID 96 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 2 ID 97 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 3 ID 98 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 4 ID 99 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 5 ID 100 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 6 ID 101 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 7 ID 102 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 8 ID 103 with timestamp +9<o:p></o:p></p></div><div><p class=MsoNormal>Waking up in 1.0 seconds.<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 9 ID 104 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 10 ID 105 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 11 ID 106 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 12 ID 107 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 13 ID 108 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 14 ID 109 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 15 ID 110 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 16 ID 111 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Cleaning up request 17 ID 112 with timestamp +10<o:p></o:p></p></div><div><p class=MsoNormal>Ready to process requests.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>-- <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>Neil Johnson<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>Network Engineer<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>Information Technology Services<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>The University of Iowa<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>Work: 319 384-0938<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>Mobile: 319 540-2081<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>Fax: 319 355-2618<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;color:black'>E-mail: <a href="mailto:neil-johnson@uiowa.edu">neil-johnson@uiowa.edu</a><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";color:black'><o:p> </o:p></span></p></div></div></div></div></div></div></div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";color:black'><o:p> </o:p></span></p></div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";color:black'><o:p> </o:p></span></p></div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";color:black'><o:p> </o:p></span></p></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>