<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19019"></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>This is on a samba domain Phil as per the cool solutions article I mentioned in an earlier post. I am looking into my Aruba settings now for termination</DIV>
<DIV> </DIV>
<DIV>Mark<BR><BR>>>> Phil Mayers <p.mayers@imperial.ac.uk> 5/19/2011 1:58 AM >>><BR><BR>> User-Name = "host/TECH-11501"<BR><BR>Machines which are in the domain normally have this as:<BR><BR>host/name.domain.com<BR><BR>i.e. there is a "domain.com" at the end of the name.<BR><BR>The absence of that suggests to me that the machine is not a domain <BR>member. Is that the case? If so, it cannot do machine auth.<BR><BR>> Calling-Station-Id = "00265EE9B2CA"<BR>> Called-Station-Id = "000B86611894"<BR>> MS-CHAP-Challenge = 0x5551e00f40ce355de8053dbc2f64b5dd<BR>> MS-CHAP2-Response =<BR>> 0x0700226e95f1d0ae4efe8f381fd3714c7b0f0000000000000000904f33f5941ab6017f433da0f45438dc665447e9d6510a2d<BR>> Service-Type = Login-User<BR>> Aruba-Essid-Name = "HPSD_RAD2"<BR>> Aruba-Location-Id = "Tech 01"<BR><BR>Great. More Aruba, probably terminating the PEAP locally. What a junky <BR>product.<BR><BR>See other posts on the list in the past few days - you should DISABLE <BR>"terminate PEAP" (or whatever the option is) on your Aruba equipment, <BR>and let it do the EAP/PEAP.<BR><BR>> +- entering group MS-CHAP {...}<BR>> [mschap] Creating challenge hash with username: host/TECH-11501<BR>> [mschap] Told to do MS-CHAPv2 for host/TECH-11501 with NT-Password<BR>> [mschap] FAILED: MS-CHAP2-Response is incorrect<BR><BR>Hmm. Indicating the password is not correct or the EAP has been fiddled <BR>with.<BR>-<BR>List info/subscribe/unsubscribe? See <A href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A><BR></DIV><BR>
<p>
<font face="Times New Roman"><b>This communication is intended for the
use of the recipient to which it is addressed and may contain
confidential, personal and/or privileged information. If you received
this e-mail in error, please advise me (by return e-mail or otherwise)
immediately.</b></font>
</p>
</BODY></HTML>