eduroam PEAP + TTLS
Alan DeKok
aland at deployingradius.com
Mon Jun 21 16:46:05 CEST 2010
Jean-Philippe Ghibaudo wrote:
> I need to have EAP-TTLS working with LDAP bind and PEAP-MSCHAPV2 with
> Samba + Winbind + Active Directory.
That should be possible. Follow the guides, and it should work.
> I've got winbind very unstable... I can successfully authenticate using
> eapol_test but a few minutes later, I've got a
> MPPE keys mismatch. If I restart winbind, I can authenticate few times
> and then, it stops working.
That sounds like a Samba problem. See
https://bugzilla.samba.org/show_bug.cgi?id=6563
> I'm not really sure to understand how I have to set "Auth-Type" in
> inner-tunnel and/or default (sites-enabled).
Don't. Leave the defaults alone. Only make the changes which are
recommended by the guides (e.g. deployingradius.com)
> I've got :
...
> in the authenticate section. I've got mschap then ldap in authorize section.
>
> Is there a mistake here ?
No.
> This is the end of the output of eapol_test for PEAP when it fails :
..
> EAP-MSCHAPV2: Invalid authenticator response in success request
It looks like that Samba bug.
Alan DeKok.
More information about the Freeradius-Users
mailing list