James Yale wrote:
With a default configuration EAP works with a user specified in the users file with a cleartext password (http://jim.geezas.com/stuff/radius-debugging/ *-success.log files). This works via eapol and a Mac test client.
Ah.
As soon as I enable the MSCHAP module (uncommenting the ntlm auth line) all authentication queries the AD here, so the locally configured user fails. When I try a user configured in the AD I'm getting:
EAP-MSCHAPV2: Invalid authenticator response in success request
Upgrade Samba. If you're not using at least 3.2.1, upgrade to that.
http://jim.geezas.com/stuff/radius-debugging/ *-failure.log), the message authenticator does seem to be invalid,
No. eapol_test is saying that the MSCHAP response is invalid.
Has anyone seen this problem before, or am I looking in the wrong place?
Others have seen exactly the same thing in the past weeks. Upgrading Samba fixed it. Alan DeKok.