MS 8021.x PEAP failing

Gary Gatten Ggatten at waddell.com
Fri Aug 21 00:10:17 CEST 2009 

Maybe, but I'm thinking it's the whole Domain Name thing being prepended
to my "user name".  When I login manually the user name is simply
"ggatten" and everything is happy.  When I choose "use windows logon
name and password" my "username" becomes "WADDELL\ggatten".

 

If I can strip off the domain name I think I'd be working.  Surely I'm
not the first to encounter this?  I'm on XP SP3 if it matters.

 

G

 

 

 

 

________________________________

From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.or
g] On Behalf Of Garber, Neal
Sent: Thursday, August 20, 2009 5:01 PM
To: 'FreeRadius users mailing list'
Subject: RE: MS 8021.x PEAP failing

 

> Yup, that line is there. Much of the doc online is WAY out of date, so
I'm wondering if by actually RTFM first I broke something?

Ok.  This may sound crazy and it may not be your problem, but, I thought
I'd mention it anyway..  Look at the samAccountName attribute in A/D for
a user that is failing and see if it is all lowercase.  If not and the
userid wasn't entered with the exact case in A/D, then you may receive
Logon failure in some circumstances.  Check to see if your debug output
shows "Logon failure" from ntlm_auth.  If so, you may be having the same
problem I've seen (incorrect MS-CHAPv1 challenge created by rlm_mschap
because the User-Name attribute doesn't exactly match the userid in the
MS-CHAPv2 response packet's Name field).  I have a patch for this
problem that I just finished testing earlier today.  I need to clean it
up a bit (remove excess debug code) and then I will submit it.  If this
is affecting you, logging on with cached credentials, entering the
user/password manually or logging on with the userid in correct case is
a workaround.






<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090820/2370835e/attachment.html>

More information about the Freeradius-Users mailing list