PAP with LDAP and PEAP/MSCHANPv2 with ntlm_auth
Neil Prockter
n.prockter at lse.ac.uk
Mon Jun 28 17:57:58 CEST 2010
On 25/06/10 22:23, Alan DeKok wrote:
> Neil Prockter wrote:
>> this is a config that works for PAP/LDAP but not PEAP/MSCHANPv2
>
> Change the version of Samba. From eap.conf:
>
> # If is still doesn't work, and you're using Samba,
> # you may be encountering a Samba bug. See:
> #
> # https://bugzilla.samba.org/show_bug.cgi?id=6563
> #
> # Note that we do not necessarily agree with their
> # explanation... but the fix does appear to work.
> #
> Note that this problem *never* appears if the Cleartext-Password is
> available to FreeRADIUS. It *only* happens when Samba is being used.
>
> Try this for yourself. Configure a Cleartext-Password in the "users"
> file for a test user, and disable ntlm_auth. If PEAP/MSCHAPv2 works,
> then the problem is Samba, not FreeRADIUS.
Cleartext-Password worked.
I had started on 3.4.7 which I'd hoped was free of the issue. I tried
downgrading to samba-3.2.15 that didn't help then I tried samba-3.0.37
that did so I'll try sticking with that for a while.
Thank you.
Neil
Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/planningAndCorporatePolicy/legalandComplianceTeam/legal/disclaimer.htm
More information about the Freeradius-Users
mailing list