Machine auth fails but user auth works

Dennis Xu dxu at uoguelph.ca
Thu Dec 3 18:11:36 CET 2015


I have FreeRadius 3.0.4 and authenticate to AD. My user authentication works but machine auth fails with certificate errors. I was using the same Windows 10 machine to test both scenarios. I attached the debug logs in both tests. What could be the reasons for the machine auth problem?

Below are some of my configurations:
mods-available/mschap:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"

mods-available/eap:
default_eap_type = peap
 peap {
               
                tls = tls-common

                default_eap_type = mschapv2

                copy_request_to_tunnel = yes
                use_tunneled_reply = yes

        #       proxy_tunneled_request_as_eap = yes

                virtual_server = "inner-tunnel"

        #       soh = yes

 
        #       soh_virtual_server = "soh-server"

        #       require_client_cert = yes
        }

  
        mschapv2 {
              
#               send_error = no
        }


proxy.conf:
realm LOCAL {
}
realm NULL{
}
realm uoguelph.ca {
}
realm DEFAULT {
        authhost = prod1-east.eduroam.ca:1812
        accthost = prod1-east.eduroam.ca:1813
        secret = 
        nostrip
}

Thanks!
Dennis Xu


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FR User Auth.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151203/9a389143/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FR Machine Auth.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151203/9a389143/attachment-0003.txt>


More information about the Freeradius-Users mailing list