Machine auth fails but user auth works
Dennis Xu
dxu at uoguelph.ca
Thu Dec 3 18:11:36 CET 2015
I have FreeRadius 3.0.4 and authenticate to AD. My user authentication works but machine auth fails with certificate errors. I was using the same Windows 10 machine to test both scenarios. I attached the debug logs in both tests. What could be the reasons for the machine auth problem?
Below are some of my configurations:
mods-available/mschap:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-00} --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-CFS.UOGUELPH.CA} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
mods-available/eap:
default_eap_type = peap
peap {
tls = tls-common
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
# proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
# soh = yes
# soh_virtual_server = "soh-server"
# require_client_cert = yes
}
mschapv2 {
# send_error = no
}
proxy.conf:
realm LOCAL {
}
realm NULL{
}
realm uoguelph.ca {
}
realm DEFAULT {
authhost = prod1-east.eduroam.ca:1812
accthost = prod1-east.eduroam.ca:1813
secret =
nostrip
}
Thanks!
Dennis Xu
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FR User Auth.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151203/9a389143/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FR Machine Auth.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151203/9a389143/attachment-0003.txt>
More information about the Freeradius-Users
mailing list