Put a test user in the "users" file: test Cleartest-Password := "blah", MS-CHAP-Use-NTLM-Auth := 0
TTLS/MSCHAPV2 works! STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station MS-MPPE-Send-Key (sign) - hexdump(len=32): 3f 44 63 81 21 70 77 27 c0 b8 f7 fd fb 83 9b 16 6c 15 e5 dd 09 29 32 0c 8c 0e 78 41 b6 a7 9b c7 MS-MPPE-Recv-Key (crypt) - hexdump(len=32): c2 48 21 44 3a 14 c1 7a f2 58 9b 0f e5 7c ab 80 6b b5 ff 58 62 46 b7 32 86 fd ee eb eb 38 46 69 decapsulated EAP packet (code=3 id=8 len=4) from RADIUS server: EAP Success EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Success EAP: EAP entering state SUCCESS CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required WPA: EAPOL processing complete EAPOL: SUPP_PAE entering state AUTHENTICATED EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state SUCCESS EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=1 PMK from EAPOL - hexdump(len=32): c2 48 21 44 3a 14 c1 7a f2 58 9b 0f e5 7c ab 80 6b b5 ff 58 62 46 b7 32 86 fd ee eb eb 38 46 69 EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit ENGINE: engine deinit MPPE keys OK: 1 mismatch: 0 SUCCESS
If that still fails, then there's something wrong with the system that breaks the server in 2.0.5.
Running Samba 3.2.0 on Fedora 9
Your problem is very odd. I'm using 2.0.5 on RHEL5 with ntlm_auth and it's working fine.
The only time I've seen eapol_test fail with "mismatch" is when I've failed to strip the DOMAIN\ or @DOMAIN.COM from usernames with realms and this has confused the key hashing - but your usernames are unadorned.
Perhaps the Samba version in F9 has problems? What OS and samba version
is your (working) 1.1.7 server running?
Samba 3.0.28 for fc7 Thanks