Perhaps try it with a Cleartext-Password in the "users" file. i.e. *Without* using ntlm_auth. That works for me, including with eapol_test, and TTLS/EAP-MSCHAPv2.
Can you clarify this setup/change to test? I was pretty sure I needed to use ntlm_auth to auth against AD to test mschapv2
Put a test user in the "users" file: test Cleartest-Password := "blah", MS-CHAP-Use-NTLM-Auth := 0
If that still fails, then there's something wrong with the system that breaks the server in 2.0.5.
Running Samba 3.2.0 on Fedora 9
Your problem is very odd. I'm using 2.0.5 on RHEL5 with ntlm_auth and it's working fine. The only time I've seen eapol_test fail with "mismatch" is when I've failed to strip the DOMAIN\ or @DOMAIN.COM from usernames with realms and this has confused the key hashing - but your usernames are unadorned. Perhaps the Samba version in F9 has problems? What OS and samba version is your (working) 1.1.7 server running?
FYI: Unknown network block for the CA_CERT with regards to the eapol test config file
What does that mean? Within the config you provided to for eapol_test at the bottom is a ca_cert declaration that errors out when uncommented
Anyone using FC9 with freeradius 2.0.5 against AD working that I can use to compare?
Thanks much appreciated
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html