Configuring FreeRADIUS to use ntlm_auth for MS-CHAP
Pedro Alves
pedrojmalves at gmail.com
Fri Apr 30 20:22:36 CEST 2010
I think the problem is the Windows Supplicant because i use a "Intel PROSet
Wireless" to connect with success.
Need to add
[ xpclient_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
to the PKCS#7 keybag attributes holding the client's private key.
Already search in here but the two info pages I find are broken:
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
http://www.hep.phys.soton.ac.uk/~jhe/documents/WPA-Authentication+RADIUS-HOW
TO.html
How can I do this ?
Thanks
-----Original Message-----
From: freeradius-users-bounces+pedrojmalves=gmail.com at lists.freeradius.org
[mailto:freeradius-users-bounces+pedrojmalves=gmail.com at lists.freeradius.org
] On Behalf Of Alan DeKok
Sent: sexta-feira, 30 de Abril de 2010 8:58
To: FreeRadius users mailing list
Subject: Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP
Pedro Alves wrote:
> Using JRadiusSimulator to test and receive "Sending Access-Accept" :)
>
> But when i use a client AP Cisco Aironet 1121, only users from "files" can
> connect, users on AD dont.
...
> Sending Access-Challenge of id 110 to 10.1.3.17 port 1645
> EAP-Message =
>
0x011c004a1900170301003faca645f76e5aff8c761515bd9d8c3213f7e06d164a58508ec372
> 6451efcaa894181735f73811912c526d93579a32e2887690f78fb267de6af44993815d126a
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xac9d3931ab8120751e3f7dd68458a60f
> Finished request 149.
> Going to the next request
> Waking up in 4.7 seconds.
See the FAQ and the comments in eap.conf in recent versions of the server.
It may also be a Samba bug. See:
https://bugzilla.samba.org/show_bug.cgi?id=6563
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list