EAP-TTLS (PAP) with Win2K3 domain not working

Petar Marinkovic highl1 at gmail.com
Thu Jun 25 18:11:38 CEST 2009


First, thanks Alan for your help, I managed to make it work with AD. Now I
want to test EAP-TTLS with PAP to authenticate users in the
domain. I saw this link
http://lists.freeradius.org/mailman/htdig/freeradius-users/2008-March/msg00417.html

So I added the following lines to the modules section of radiusd.conf:

	exec ntlm_auth_pap {
		wait = yes
		input_pairs = request
		shell_escape = yes
		output = none

		program = "/path/to/ntlm_auth --username=%{User-Name} --domain=EXCHANGE --password=%{User-Password}"
	}

and I edited the /etc/freeradius/sites-available/default file and
/etc/freeradius/sites-enabled/default, changing the authenticate section to:

	Auth-Type PAP {
		ntlm_auth_pap
	}

But when a user tries to connect, I get the following error:

[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
    User-Name = "testuser"
    User-Password = "testuserpass"
    FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
    User-Name = "testuser"
    User-Password = "testuserpass"
    FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user

Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
[ttls] Got tunneled Access-Reject
  SSL: Removing session 963d9312e7948dc613d384208137728dce44b3071923bb0c257aeaf9229a1a95 from the cache

[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.

If someone can help, that would be great. Thanks once again for your help
with my previous question folks, I really appreciate it.
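
An added example, not part of the original post or of FreeRADIUS: a small Python parser for debug output in the format shown above. It reports which virtual server block logged the "No authenticate method (Auth-Type)" rejection and which modules had returned in it, and masks User-Password values before the log is shared. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the debug format shown in the post; values are made up.
SAMPLE = '''\
[ttls] Got tunneled request
    User-Name = "alice"
    User-Password = "s3cret"
server inner-tunnel {
++[mschap] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
} # server inner-tunnel
++[eap] returns invalid
'''

SERVER_OPEN = re.compile(r'^server (\S+) \{')
SERVER_CLOSE = re.compile(r'^\} # server (\S+)')
MODULE_RET = re.compile(r'^\++\[([^\]]+)\] returns (\w+)')
PASSWORD = re.compile(r'(User-Password\s*=\s*)"[^"]*"')
NO_AUTH_TYPE = "No authenticate method (Auth-Type)"
OUTER = "(outer)"  # label for lines outside any "server NAME { ... }" block


def redact(log):
    """Mask cleartext PAP passwords before the log is shared."""
    return PASSWORD.sub(r'\1"<redacted>"', log)


def find_rejections(log):
    """List each 'no Auth-Type' rejection with its server and module results."""
    findings, stack, results = [], [], {OUTER: []}
    for line in log.splitlines():
        current = stack[-1] if stack else OUTER
        if m := SERVER_OPEN.match(line):
            stack.append(m.group(1))
            results[m.group(1)] = []
        elif (m := SERVER_CLOSE.match(line)) and current == m.group(1):
            stack.pop()
        elif m := MODULE_RET.match(line):
            results[current].append((m.group(1), m.group(2)))
        elif line.startswith(NO_AUTH_TYPE):
            findings.append({"server": current, "modules": list(results[current])})
    return findings


if __name__ == "__main__":
    print(redact(SAMPLE))
    for f in find_rejections(SAMPLE):
        print(f"{f['server']}: nothing set Auth-Type; modules ran: {f['modules']}")
```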