PEAP - AD Disabled
Danner, Mearl
jmdanner at samford.edu
Fri Jun 25 15:33:39 CEST 2010
Have you checked the certificate? That's one major difference. ntlm-auth is the auth after the cert conversation in PEAP is done.
Maybe a radiusd -X log to help us along?
From: freeradius-users-bounces+jmdanner=samford.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jmdanner=samford.edu at lists.freeradius.org] On Behalf Of Nathan McDavit-Van Fleet
Sent: Friday, June 25, 2010 8:22 AM
To: 'FreeRadius users mailing list'
Subject: PEAP - AD Disabled
Okay,
I've had a working config with the following for the past month.
TTLS->LDAP
PEAP->AD
PEAP->Local Users File
After a month running everything perfectly, 3 days ago the "PEAP-AD" portion of the AAA failed. This is for wireless auth.
Strangely, I can still auth from the CLI using ntlm_auth and wbinfo. So it appears as if the Samba connection to the AD is fine. Nothing has changed config wise between then and now, and I haven't found any interesting log information. You just get a "Login incorrect" when you try to login via PEAP->AD. Everything else is verified as working.
Aside from Freeradius itself, what are the differences between using ntlm_auth via CLI and via Freeradius?
Nathan Van Fleet
Telecommunications Analyst
Network Assessment and Integration
IITS Concordia University
(514) 848-2424 Extension:5434
More information about the Freeradius-Users
mailing list