eduroam PEAP + TTLS
Jean-Philippe Ghibaudo
legdf at hotmail.com
Mon Jun 21 17:35:57 CEST 2010
Thank you so much, you were right, once more as it seems, I've just downgraded samba to native version (3.2.5) on my Debian Lenny and it works !
I had'nt managed to have samba 3.2.5 working the first time so I have tried 3.5.3 but with the same .conf, it works perfectly.
> Date: Mon, 21 Jun 2010 16:46:05 +0200
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: eduroam PEAP + TTLS
>
> Jean-Philippe Ghibaudo wrote:
> > I need to have EAP-TTLS working with LDAP bind and PEAP-MSCHAPV2 with
> > Samba + Winbind + Active Directory.
>
> That should be possible. Follow the guides, and it should work.
>
> > I've got winbind very unstable... I can successfully authenticate using
> > eapol_test but a few minutes later, I've got a
> > MPPE keys mismatch. If I restart winbind, I can authenticate few times
> > and then, it stops working.
>
> That sounds like a Samba problem. See
>
> https://bugzilla.samba.org/show_bug.cgi?id=6563
>
> > I'm not really sure to understand how I have to set "Auth-Type" in
> > inner-tunnel and/or default (sites-enabled).
>
> Don't. Leave the defaults alone. Only make the changes which are
> recommended by the guides (e.g. deployingradius.com)
>
> > I've got :
> ...
> > in the authenticate section. I've got mschap then ldap in authorize section.
> >
> > Is there a mistake here ?
>
> No.
>
> > This is the end of the output of eapol_test for PEAP when it fails :
> ..
> > EAP-MSCHAPV2: Invalid authenticator response in success request
>
> It looks like that Samba bug.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________
Hotmail : Simple et Efficace qui vous facilite la vie… Découvrez la NOW génération !
http://www.windowslive.fr/hotmail/nowgeneration/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100621/9962a68e/attachment.html>
More information about the Freeradius-Users
mailing list