FreeRadius 2.0.5 AD PEAP
Phil Mayers
p.mayers at imperial.ac.uk
Thu Aug 21 10:31:59 CEST 2008
>> Perhaps try it with a Cleartext-Password in the "users" file. i.e.
>> *Without* using ntlm_auth. That works for me, including with
>> eapol_test, and TTLS/EAP-MSCHAPv2.
>
>Can you clarify this setup/change to test? I was pretty sure I needed
>to use ntlm_auth to auth against AD to test mschapv2
Put a test user in the "users" file:
test Cleartext-Password := "blah", MS-CHAP-Use-NTLM-Auth := 0
>
>> If that still fails, then there's something wrong with the system
>> that breaks the server in 2.0.5.
>
>Running Samba 3.2.0 on Fedora 9
Your problem is very odd. I'm using 2.0.5 on RHEL5 with ntlm_auth and
it's working fine.
The only time I've seen eapol_test fail with "mismatch" is when I've
failed to strip the DOMAIN\ or @DOMAIN.COM from usernames with realms
and this has confused the key hashing - but your usernames are
unadorned.
Perhaps the Samba version in F9 has problems? What OS and samba version
is your (working) 1.1.7 server running?
>
>> FYI: Unknown network block for the CA_CERT with regards to the eapol
>> test config file
>
>> What does that mean?
>Within the config you provided for eapol_test at the bottom is a
>ca_cert declaration that errors out when uncommented
>
>Anyone using FC9 with freeradius 2.0.5 against AD working that I can use
>to compare?
>
>Thanks much appreciated
>
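Added example, not part of the original message and not FreeRADIUS code: the RFC 2759 ChallengeHash() takes the username as an input, so two sides that hash different forms of the name (with and without DOMAIN\ or @DOMAIN.COM) derive different challenges, and everything computed from that challenge no longer matches. The helper names and the EXAMPLE realm are assumptions; the challenge values are the RFC 2759 section 9.2 sample.

```python
import hashlib

# Sample challenges from RFC 2759 section 9.2 (username there is "User").
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")


def strip_realm(username: str) -> str:
    """Drop a leading DOMAIN\\ prefix and a trailing @REALM suffix (hypothetical helper)."""
    if "\\" in username:
        username = username.split("\\", 1)[1]
    if "@" in username:
        username = username.rsplit("@", 1)[0]
    return username


def challenge_hash(peer: bytes, auth: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 octets of SHA1(peer || auth || username)."""
    if len(peer) != 16 or len(auth) != 16:
        raise ValueError("peer and authenticator challenges must be 16 octets each")
    return hashlib.sha1(peer + auth + username.encode("utf-8")).digest()[:8]


def sides_agree(client_name: str, server_name: str) -> bool:
    """True when both sides derive the same 8-octet challenge from their view of the name."""
    return (challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, client_name)
            == challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, server_name))


if __name__ == "__main__":
    # Constructed usernames; EXAMPLE / EXAMPLE.COM are placeholder realms.
    for server_view in ("User", "EXAMPLE\\User", "User@EXAMPLE.COM"):
        raw = sides_agree("User", server_view)
        stripped = sides_agree("User", strip_realm(server_view))
        print(f"{server_view!r:22} raw match={raw}  after strip match={stripped}")
```
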