Hi,
peap {
default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no
personally, I'd advise that you set those to yes rather than no.
File /etc/raddb/users
DEFAULT Auth-Type = ntlm_auth
you dont need to do this. ever. we do PEAP and dont have such a line - in fact, the only time you need to est this is if you need to break the system in a wierd way
Files /etc/raddb/sites-enable/inner-tunnel and /etc/raddb/sites-enable/default
authenticate { .... ntlm_auth ... }
no no no. leave the inner-tunnel and default exactly as you found them - it will work out of the box. what guide were you following to get this working? I ask because if there is some document out there than it needs to be taken down.
[root@radiusserver etc]# ntlm_auth --request-nt-key --domain=MYDOMAINTEST --username=testuser01 --password=test NT_STATUS_OK: Success (0x0)
good, that bits fine
[root@radiusserver /]# radtest testuser01 test localhost 0 teste123 Sending Access-Request of id 51 to 127.0.0.1 port 1812 User-Name = "testuser01" User-Password = "test" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=51, length=20
and all thats done is a basic PAP test. you'd need to use more advanced tools such as eapol_test from the wpa_supplicant package for actually simulating a standard Windows client that is doing an EAP method - with an EAP test your packets would be proxied into the inner-tunnel virtual server... alan