MS 8021.x PEAP failing
Gary Gatten
Ggatten at waddell.com
Thu Aug 20 22:54:54 CEST 2009
Whoops! I tried the change you mentioned and now can't get manual auth
to work either. I commented out the working lines and restored them,
but still no love! $hit.....
-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.or
g] On Behalf Of Gary Gatten
Sent: Thursday, August 20, 2009 3:22 PM
To: FreeRadius users mailing list
Subject: RE: MS 8021.x PEAP failing
Nope - no love! I'll capture a successful PEAP login when I manually
enter the credentials, and the failed login when using the "windows"
credentials.
Standby.
Gary
-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.or
g] On Behalf Of Alan Buxey
Sent: Thursday, August 20, 2009 2:14 PM
To: FreeRadius users mailing list
Subject: Re: MS 8021.x PEAP failing
Hi,
> If in my PEAP conf I uncheck "Automatically use my Windows logon name
> and password" and enter my username/password manually - I auth fine.
>
> I've been playing around with conf/module files trying to strip the
> DOMAIN out of my login request - but no luck!
this pretty muhc works out of the box... you just need to ensure
that in your mschap module you have
with_ntdomain_hack = yes
and the ntlm_auth line needs to look like
/usr/bin/ntlm_auth --request-nt-key
--username=%{%{mschap:User-Name}:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
(if using eg AD)
this should happily deal with the 'windows logon' issue
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
<font size="1">
<div style='border:none;border-bottom:double windowtext
2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
More information about the Freeradius-Users
mailing list