On Mon, 2009-04-13 at 22:20 +0100, Ivan Kalik wrote:
using the ca.der and caclient.p12 (using Ivan's newer script for generating) for TLS
That was for 2.0.5. 2.1.x has updated Makefile by default.
it didn't have the various caclient generation stuff -----
Below is radiusd -X log with one failed attempt and it just seems as if the eap challenges go out but responses never come back.
[ldap] checking if remote access for spare is allowed by uid [ldap] Added User-Password = {crypt}$OBSCURED in check items [ldap] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x$OBSCURED rlm_ldap: sambaLmPassword -> LM-Password == 0x$OBSCURED ... [eap] processing type md5 rlm_eap_md5: Issuing Challenge ...
No wonder. You are using crypt and nt hased passwords for EAP-MD5. That can't work.
http://deployingradius.com/documents/protocols/compatibility.html
OK that sort of makes sense to me. So I have two sections in eap.conf, ttls and peap which both ask for 'default_eap_type = *' and I have set them both to mschapv2 and in the eap section at the top, I changed default_eap_type to tls Does this make sense? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.