PEAP fatal bad_certificate

Ruslan N. Marchenko ruff at olimp.ua
Thu Jun 14 13:28:21 CEST 2007


On Tue, 12 Jun 2007 07:56:28 +0100
  "Ruslan N. Marchenko" <ruff at olimp.ua> wrote:
> 
> It seems to be not a particular question, but...
> 
> client - winxp wireless, ap - AIR-AP1131AG-E-K9, server 
> 1.1.6. fresh install.
> certificates generated according to CA.all (with 
> xp-extension and conversion to pkcs12)
> 
Ok, tls seems to be working now.
But ntlm_auth fails. It passes the username with the domain name, despite the
--username=%{Stripped-User-Name:-%{User-Name:-None}}
option and with_ntdomain_hack = yes in the mschapv2 section in eap.conf.

radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat:  '--domain=headquarters'
radius_xlat:  '--username=headquarters\\test'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
  mschap2: 41
radius_xlat:  '--challenge=67b84c92c98d2be0'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat:  '--nt-response=52471b2a1db2fa3a00a03c182551317e48acea4a4f30f393'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
   rlm_mschap: External script failed.
   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
   modcall[authenticate]: module "mschap" returns reject for request 6

Maybe there are some more options to specify in order to make it work properly?

--
Olimp, System Administrator IT Dept.
Fax. +380(62)381-3428
Tel. +380(62)381-3978-5
----
Looking forward to reading yours.
  RUFF-RIPE DI76-GANDI RUFF-6BONE
      Ruslan N. Marchenko
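
An added example, not part of the original message and not FreeRADIUS code: a minimal Python model of the `%{Attr:-default}` fallback used in the `--username` option, plus a check for domain-qualified usernames in the `radius_xlat` debug lines quoted above. The function names are hypothetical, and the model covers only attribute references and `:-` defaults, treating a missing or empty attribute as unset (an assumption).

```python
import re

TEMPLATE = "%{Stripped-User-Name:-%{User-Name:-None}}"  # option string from the post

# Debug lines copied from the post (the log shows the backslash as "\\").
SAMPLE_LOG = r"""
radius_xlat:  '--domain=headquarters'
radius_xlat:  '--username=headquarters\\test'
"""

def _closing_brace(s, open_idx):
    """Index of the '}' that balances the '{' at open_idx."""
    depth = 0
    for j in range(open_idx, len(s)):
        if s[j] == "{":
            depth += 1
        elif s[j] == "}":
            depth -= 1
            if depth == 0:
                return j
    raise ValueError("unbalanced %{...} in template")

def expand(template, attrs):
    """Expand %{Attr} and %{Attr:-default}; the default may itself nest %{...}."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _closing_brace(template, i + 1)
            name, has_default, default = template[i + 2:end].partition(":-")
            value = attrs.get(name)  # assumption: missing or empty counts as unset
            out.append(value if value else
                       (expand(default, attrs) if has_default else ""))
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def domain_qualified_usernames(log_text):
    """Return --username values in radius_xlat output that still carry DOMAIN\\user."""
    names = re.findall(r"'--username=([^']*)'", log_text)
    return [n for n in names if "\\" in n]

if __name__ == "__main__":
    # Without Stripped-User-Name the template falls through to the full User-Name.
    print(expand(TEMPLATE, {"User-Name": "headquarters\\test"}))
    print(expand(TEMPLATE, {"User-Name": "headquarters\\test",
                            "Stripped-User-Name": "test"}))
    print(domain_qualified_usernames(SAMPLE_LOG))
```
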


