<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Baskerville Old Face";
panose-1:2 2 6 2 8 5 5 2 3 3;}
@font-face
{font-family:"Edwardian Script ITC";
panose-1:3 3 3 2 4 7 7 13 8 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=WordSection1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Yes, I did.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-Neil<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-- <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Neil Johnson<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Network Engineer<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Information Technology Services<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The University of Iowa<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>319 384-0938<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>neil-johnson@uiowa.edu <o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
freeradius-users-bounces+neil-johnson=uiowa.edu@lists.freeradius.org
[mailto:freeradius-users-bounces+neil-johnson=uiowa.edu@lists.freeradius.org] <b>On
Behalf Of </b>Sallee, Stephen (Jake)<br>
<b>Sent:</b> Thursday, October 28, 2010 10:15 AM<br>
<b>To:</b> FreeRadius users mailing list<br>
<b>Subject:</b> RE: Authenticating agains AD issues<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Did you enable the “WITH NT DOMAIN HACK” in your MSCHAP module?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><span style='font-size:24.0pt;font-family:"Edwardian Script ITC";
color:#1F497D'>Jake Sallee<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";
color:#1F497D'>Godfather Of Bandwidth<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";
color:#1F497D'>Network Engineer<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";
color:#1F497D'>Fone: 254-295-4658<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";
color:#1F497D'>Phax: 254-295-4221<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Baskerville Old Face","serif";
color:#1F497D'><o:p> </o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org] <b>On
Behalf Of </b>Johnson, Neil M<br>
<b>Sent:</b> Thursday, October 28, 2010 9:48 AM<br>
<b>To:</b> freeradius-users@lists.freeradius.org<br>
<b>Subject:</b> Authenticating agains AD issues<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<p class=MsoNormal>I've been following the reciepe on the "Deploying
RADIUS" web site, but I have been unable to get an iPhone or Laptop to
authenticate to wireless.<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>It appears from the log that ntlm_auth is behaving correctly
but the the challenge continues.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>I'm running 2.1.9 on Fedora 12 using the demonstration
certificates.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Here is the last part of the log file:<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Thanks in advance.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>-Neil<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<div>
<p class=MsoNormal>[eap] Request found, released from the list<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[eap] EAP/mschapv2<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[eap] processing type mschapv2<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschapv2] +- entering group MS-CHAP {...}<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] Told to do MS-CHAPv2 for nmjoo with NT-Password<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] expand:
%{Stripped-User-Name} -> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] ... expanding second
conditional<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] WARNING: Deprecated conditional expansion
":-". See "man unlang" for details<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] expand:
%{User-Name:-None} -> IOWA\nmjoo<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] expand:
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}} ->
--username=IOWA\nmjoo<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] mschap2: 5e<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] expand:
--challenge=%{mschap:Challenge:-00} -> --challenge=13fe382b60e3bba9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] expand:
--nt-response=%{mschap:NT-Response:-00} ->
--nt-response=24bf15cdc812e5f7fb9723f21143bb775b24a1914870caf0<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Exec-Program output: NT_KEY:
0FD5C0593F3B79F0478DB821B51BCB38 <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Exec-Program-Wait: plaintext: NT_KEY:
0FD5C0593F3B79F0478DB821B51BCB38 <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Exec-Program: returned: 0<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[mschap] adding MS-CHAPv2 MPPE keys<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>++[mschap] returns ok<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>MSCHAP Success <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>++[eap] returns handled<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>} # server inner-tunnel<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[peap] Got tunneled reply code 11<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> EAP-Message =
0x010a00331a0309002e533d36463744463330464436383432423542423738463736454339423230454534453639434431463338<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> Message-Authenticator =
0x00000000000000000000000000000000<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> State =
0x9b59f55f9a53ef43871eb82ef0802a05<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[peap] Got tunneled reply RADIUS code 11<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> EAP-Message =
0x010a00331a0309002e533d36463744463330464436383432423542423738463736454339423230454534453639434431463338<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> Message-Authenticator =
0x00000000000000000000000000000000<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> State =
0x9b59f55f9a53ef43871eb82ef0802a05<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>[peap] Got tunneled Access-Challenge<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>++[eap] returns handled<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Sending Access-Challenge of id 112 to 128.255.11.74 port
32768<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> EAP-Message =
0x010a005b19001703010050f59dec82774ce4b8dc5bb542e29881b2cb321a7136c39e4f1a498708fa2515da475f29ec726bd310dd96ab7ae6de4a85f079285567b375a7fa02d137f9d0d2adcf75dc887c91c50a41e041c13b370882<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> Message-Authenticator =
0x00000000000000000000000000000000<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> State =
0xa489d972ac83c05d8d6d2302f3fa3977<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Finished request 17.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Going to the next request<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Waking up in 3.2 seconds.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 0 ID 95 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 1 ID 96 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 2 ID 97 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 3 ID 98 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 4 ID 99 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 5 ID 100 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 6 ID 101 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 7 ID 102 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 8 ID 103 with timestamp +9<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Waking up in 1.0 seconds.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 9 ID 104 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 10 ID 105 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 11 ID 106 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 12 ID 107 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 13 ID 108 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 14 ID 109 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 15 ID 110 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 16 ID 111 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Cleaning up request 17 ID 112 with timestamp +10<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal>Ready to process requests.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>-- <o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>Neil Johnson<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>Network Engineer<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>Information Technology Services<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>The University of Iowa<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>Work: 319 384-0938<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>Mobile: 319 540-2081<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>Fax: 319 355-2618<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:Consolas;
color:black'>E-mail: <a href="mailto:neil-johnson@uiowa.edu">neil-johnson@uiowa.edu</a><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";
color:black'><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";
color:black'><o:p> </o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";
color:black'><o:p> </o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";
color:black'><o:p> </o:p></span></p>
</div>
</div>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>