PEAP/MSCHAPv2 failing with Windows 7
Gary Gatten
Ggatten at waddell.com
Mon May 9 23:55:14 CEST 2011
Hello,
We use Aruba Wireless gear. We're using 802.1x PEAP, MSCHAPv2, use windows credentials. Everything is working great with this setup until we started testing / trying Windows 7 clients. They fail with:
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
The same exact username / password works great on XP. What really weird is this:
In the PEAP properties, EAP-MSCHAP v2, if you DISABLE "automatically use my windows logon name and password" and instead enter the credentials manually it works.
It appears to me this is some sort of bug in the Windows7 PEAP/EAPcode that grabs the credentials from "windows" that was previously entered and passes them to the EAP/PEAP process. Somewhere along the way they're getting mashed or something?
I should note, it appears the Aruba gear is terminating the PEAP - FR only sees an MSCHAP request.
Anyone else having a similar issue?
TIA
G
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110509/cce2e685/attachment.html>
More information about the Freeradius-Users
mailing list