MS 8021.x PEAP failing

Gary Gatten Ggatten at waddell.com
Thu Aug 20 23:58:08 CEST 2009


OK, got manual PEAP auth working again.




-----Original Message-----
From: Gary Gatten 
Sent: Thursday, August 20, 2009 3:55 PM
To: 'FreeRadius users mailing list'
Subject: RE: MS 8021.x PEAP failing

Whoops!  I tried the change you mentioned and now can't get manual auth
to work either.  I commented out the working lines and restored them,
but still no love!  $hit.....



-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.or
g] On Behalf Of Gary Gatten
Sent: Thursday, August 20, 2009 3:22 PM
To: FreeRadius users mailing list
Subject: RE: MS 8021.x PEAP failing

Nope - no love!  I'll capture a successful PEAP login when I manually
enter the credentials, and the failed login when using the "windows"
credentials.

Standby.

Gary


-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.or
g] On Behalf Of Alan Buxey
Sent: Thursday, August 20, 2009 2:14 PM
To: FreeRadius users mailing list
Subject: Re: MS 8021.x PEAP failing

Hi,

> If in my PEAP conf I uncheck "Automatically use my Windows logon name
> and password" and enter my username/password manually - I auth fine.
> 
> I've been playing around with conf/module files trying to strip the
> DOMAIN out of my login request - but no luck!

this pretty muhc works out of the box... you just need to ensure
that in your mschap module you have

with_ntdomain_hack = yes

and the ntlm_auth line needs to look like

/usr/bin/ntlm_auth --request-nt-key
--username=%{%{mschap:User-Name}:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}

(if using eg AD)

this should happily deal with the 'windows logon' issue

alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





<font size="1">
<div style='border:none;border-bottom:double windowtext
2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>





More information about the Freeradius-Users mailing list