Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

Pedro Alves pedrojmalves at gmail.com
Mon May 3 12:14:16 CEST 2010


I see that the file xpextensions is already in /raddb/certs dir and is
included when create certificates using bootstrap :

"openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key `grep
output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions
xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1"

But Windows XP and Vista Supplicant can't authenticate, always have "Sending
Access-Challenge"

What is the best Samba version to communicate with Win2008 server Standard
R2 (Active Directory) ?


Cumprimentos
Pedro Alves

-----Original Message-----
From: freeradius-users-bounces+pedrojmalves=gmail.com at lists.freeradius.org
[mailto:freeradius-users-bounces+pedrojmalves=gmail.com at lists.freeradius.org
] On Behalf Of Alan DeKok
Sent: sexta-feira, 30 de Abril de 2010 8:58
To: FreeRadius users mailing list
Subject: Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP

Pedro Alves wrote:
> Using JRadiusSimulator to test and receive "Sending Access-Accept" :)
> 
> But when i use a client AP Cisco Aironet 1121, only users from "files" can
> connect,	users on AD dont.
...
> Sending Access-Challenge of id 110 to 10.1.3.17 port 1645
>         EAP-Message =
>
0x011c004a1900170301003faca645f76e5aff8c761515bd9d8c3213f7e06d164a58508ec372
> 6451efcaa894181735f73811912c526d93579a32e2887690f78fb267de6af44993815d126a
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xac9d3931ab8120751e3f7dd68458a60f
> Finished request 149.
> Going to the next request
> Waking up in 4.7 seconds.

  See the FAQ and the comments in eap.conf in recent versions of the server.

  It may also be a Samba bug.  See:

https://bugzilla.samba.org/show_bug.cgi?id=6563

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list