FW: Problem with PEAP MS-ChapV2 against AD
Robert Graham
rgraham at mem-ins.com
Sat Jan 15 00:18:56 CET 2011
Alan,
Thanks for the tips. I followed everything, PAP worked fine, but I still
had problems with EAP even with using the certificates from the Radius
disto. The part that didn't make a lot of sense to me was it would go thru
all the process, and MSCHAP showed success:
[mschap] Creating challenge hash with username: test1
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=101d5affa80deb2a
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=2ff233ba94c6cc0ff8b204e09e8217c1f93dd23f6a175caa
Exec-Program output: NT_KEY: D17434B7303CD6FA2ABE17CDB536D69D
Exec-Program-Wait: plaintext: NT_KEY: D17434B7303CD6FA2ABE17CDB536D69D
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
But after that was [peap] Got tunneled reply code 11. Some searches on
google indicated that I might be facing a Samba bug. After upddating to the
latest release 3.5.6 and adding winbind:forcesamlogon to the smb.conf file
it started working.
Now I am off to adding LDAP for group membership and configure for dynamic
vlans and acls.
-Robert
--
View this message in context: http://freeradius.1045715.n5.nabble.com/FW-Problem-with-PEAP-MS-ChapV2-against-AD-tp3340563p3342137.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list