PEAP fatal bad_certificate
Ruslan N. Marchenko
ruff at olimp.ua
Thu Jun 14 13:28:21 CEST 2007
On Tue, 12 Jun 2007 07:56:28 +0100
"Ruslan N. Marchenko" <ruff at olimp.ua> wrote:
>
> It seems to be not a particular question, but...
>
> client - winxp wireless, ap - AIR-AP1131AG-E-K9, server
> 1.1.6. fresh install.
> certificates generated according to CA.all (with
> xp-extension and conversion to pkcs12)
>
Ok, TLS seems to be working now.
But ntlm_auth fails. It passes the username with the domain name, despite the
--username=%{Stripped-User-Name:-%{User-Name:-None}}
option and with_ntdomain_hack = yes in the mschapv2 section in eap.conf.
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: '--domain=headquarters'
radius_xlat: '--username=headquarters\\test'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 41
radius_xlat: '--challenge=67b84c92c98d2be0'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '--nt-response=52471b2a1db2fa3a00a03c182551317e48acea4a4f30f393'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
Maybe there are some more options to specify in order to make it work properly?
--
Olimp, System Administrator IT Dept.
Fax. +380(62)381-3428
Tel. +380(62)381-3978-5
----
Looking forward to reading yours.
RUFF-RIPE DI76-GANDI RUFF-6BONE
Ruslan N. Marchenko
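
A small log check for the symptom reported in the message above, as an added example that is not part of the original post or of FreeRADIUS: it collects the expanded ntlm_auth options from radius_xlat debug lines and flags a --username that still carries a domain prefix or realm suffix. The function names are this example's own, and the embedded sample is constructed from the log lines quoted in the post.

```python
import re

# Constructed sample: the radius_xlat lines from the post, including the
# value that the mail client wrapped onto a line of its own.
SAMPLE_LOG = r"""
radius_xlat: '--domain=headquarters'
radius_xlat: '--username=headquarters\\test'
radius_xlat: '--challenge=67b84c92c98d2be0'
radius_xlat:
'--nt-response=52471b2a1db2fa3a00a03c182551317e48acea4a4f30f393'
"""

# \s* also matches a newline, so a wrapped value is still picked up.
ARG_RE = re.compile(r"radius_xlat:\s*'--([a-z-]+)=([^']*)'")


def expanded_args(log_text):
    """Return {option: value} for each expanded --option=value in the log."""
    return {m.group(1): m.group(2) for m in ARG_RE.finditer(log_text)}


def check_username(args):
    """List findings when --username is not a bare account name."""
    findings = []
    user = args.get("username", "")
    domain = args.get("domain", "")
    prefix, sep, bare = user.rpartition("\\")
    if sep:
        # Debug output escapes the separator, so strip any extra backslash.
        prefix = prefix.rstrip("\\")
        findings.append(
            f"--username has domain prefix {prefix!r}; bare name is {bare!r}")
        if domain and prefix.lower() == domain.lower():
            findings.append("prefix repeats the value passed as --domain")
    elif "@" in user:
        realm = user.split("@", 1)[1]
        findings.append(f"--username has realm suffix {realm!r}")
    return findings


if __name__ == "__main__":
    for line in check_username(expanded_args(SAMPLE_LOG)):
        print(line)
```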