eduroam PEAP + TTLS

Alan DeKok aland at
Mon Jun 21 16:46:05 CEST 2010

Jean-Philippe Ghibaudo wrote:
> I need to have EAP-TTLS working with LDAP bind and PEAP-MSCHAPV2 with
> Samba + Winbind + Active Directory.

  That should be possible.  Follow the guides, and it should work.

> I've got winbind very unstable... I can successfully authenticate using
> eapol_test but a few minutes later, I've got a
> MPPE keys mismatch. If I restart winbind, I can authenticate few times
> and then, it stops working.

  That sounds like a Samba problem.  See

> I'm not really sure to understand how I have to set "Auth-Type" in
> inner-tunnel and/or default (sites-enabled).

  Don't.  Leave the defaults alone.  Only make the changes which are
recommended by the guides (e.g.

> I've got :
> in the authenticate section. I've got mschap then ldap in authorize section.
> Is there a mistake here ?


> This is the end of the output of eapol_test for PEAP when it fails :
> EAP-MSCHAPV2: Invalid authenticator response in success request

  It looks like that Samba bug.

  Alan DeKok.

More information about the Freeradius-Users mailing list