Authenticating agains AD issues
Phil Mayers
p.mayers at imperial.ac.uk
Thu Oct 28 17:19:52 CEST 2010
On 28/10/10 15:48, Johnson, Neil M wrote:
>
> I've been following the reciepe on the "Deploying RADIUS" web site, but
> I have been unable to get an iPhone or Laptop to authenticate to wireless.
>
> It appears from the log that ntlm_auth is behaving correctly but the the
> challenge continues.
>
> I'm running 2.1.9 on Fedora 12 using the demonstration certificates.
>
> Here is the last part of the log file:
Hmm. Since this happens inside the PEAP tunnel, I don't think it's the
usual "bad certs" error. I suspect it's the "Buggy samba mis-calculating
MS-CHAP response" issue. See here for the latest round of discussion:
http://freeradius.1045715.n5.nabble.com/which-samba-version-patch-for-Active-Directory-2008-td2837914.html
Samba 3.0.x is known to work, as is very recent 3.5 or 3.4 releases. For
other versions, you may need the patch here:
https://bugzilla.samba.org/show_bug.cgi?id=7568
More information about the Freeradius-Users
mailing list