MS 8021.x PEAP failing

[Garber, Neal]

> Yup, that line is there. Much of the doc online is WAY out of date, so I'm wondering if by actually RTFM first I broke something?


Ok.  This may sound crazy and it may not be your problem, but, I thought I'd mention it anyway..  Look at the samAccountName attribute in A/D for a user that is failing and see if it is all lowercase.  If not and the userid wasn't entered with the exact case in A/D, then you may receive Logon failure in some circumstances.  Check to see if your debug output shows "Logon failure" from ntlm_auth.  If so, you may be having the same problem I've seen (incorrect MS-CHAPv1 challenge created by rlm_mschap because the User-Name attribute doesn't exactly match the userid in the MS-CHAPv2 response packet's Name field).  I have a patch for this problem that I just finished testing earlier today.  I need to clean it up a bit (remove excess debug code) and then I will submit it.  If this is affecting you, logging on with cached credentials, entering the user/password manually or logging on with the userid in correct case is a workaround.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090820/33cd9cc3/attachment.html>