Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

Pedro Alves pedrojmalves at gmail.com
Fri Apr 30 20:22:36 CEST 2010


I think the problem is the Windows Supplicant because i use a "Intel PROSet
Wireless" to connect with success.

Need to add
[ xpclient_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ xpserver_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1

to the PKCS#7 keybag attributes holding the client's private key.

Already search in here but the two info pages I find are broken:
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
http://www.hep.phys.soton.ac.uk/~jhe/documents/WPA-Authentication+RADIUS-HOW
TO.html

How can I do this ?
Thanks

-----Original Message-----
From: freeradius-users-bounces+pedrojmalves=gmail.com at lists.freeradius.org
[mailto:freeradius-users-bounces+pedrojmalves=gmail.com at lists.freeradius.org
] On Behalf Of Alan DeKok
Sent: sexta-feira, 30 de Abril de 2010 8:58
To: FreeRadius users mailing list
Subject: Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

Pedro Alves wrote:
> Using JRadiusSimulator to test and receive "Sending Access-Accept" :)
> 
> But when i use a client AP Cisco Aironet 1121, only users from "files" can
> connect,	users on AD dont.
...
> Sending Access-Challenge of id 110 to 10.1.3.17 port 1645
>         EAP-Message =
>
0x011c004a1900170301003faca645f76e5aff8c761515bd9d8c3213f7e06d164a58508ec372
> 6451efcaa894181735f73811912c526d93579a32e2887690f78fb267de6af44993815d126a
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xac9d3931ab8120751e3f7dd68458a60f
> Finished request 149.
> Going to the next request
> Waking up in 4.7 seconds.

  See the FAQ and the comments in eap.conf in recent versions of the server.

  It may also be a Samba bug.  See:

https://bugzilla.samba.org/show_bug.cgi?id=6563

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list