Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

Pedro Alves pedrojmalves at
Fri Apr 30 20:22:36 CEST 2010

I think the problem is the Windows Supplicant because i use a "Intel PROSet
Wireless" to connect with success.

Need to add
[ xpclient_ext]
extendedKeyUsage =

[ xpserver_ext]
extendedKeyUsage =

to the PKCS#7 keybag attributes holding the client's private key.

Already search in here but the two info pages I find are broken:

How can I do this ?

-----Original Message-----
From: at
[ at
] On Behalf Of Alan DeKok
Sent: sexta-feira, 30 de Abril de 2010 8:58
To: FreeRadius users mailing list
Subject: Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

Pedro Alves wrote:
> Using JRadiusSimulator to test and receive "Sending Access-Accept" :)
> But when i use a client AP Cisco Aironet 1121, only users from "files" can
> connect,	users on AD dont.
> Sending Access-Challenge of id 110 to port 1645
>         EAP-Message =
> 6451efcaa894181735f73811912c526d93579a32e2887690f78fb267de6af44993815d126a
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xac9d3931ab8120751e3f7dd68458a60f
> Finished request 149.
> Going to the next request
> Waking up in 4.7 seconds.

  See the FAQ and the comments in eap.conf in recent versions of the server.

  It may also be a Samba bug.  See:

  Alan DeKok.
List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list