EAP PEAP issues
Alan DeKok
aland at deployingradius.com
Fri Mar 17 12:56:10 UTC 2023
On Mar 16, 2023, at 6:17 PM, Matt H <meh1963 at gmail.com> wrote:
> This command (local user in ..users) works great:
>
> radtest -t mschap bob hello 127.0.0.1:18120 0 testing123
>
> Comes right back with 'hello bob' as it should. So presumably mschap is
> working at some level, and Windows connects to it without much fuss and
> bother.
That's good...
> This command doesn't:
>
> radtest -t mschap farhadtest Rambo5201 127.0.0.1:18120 0 testing123
>
> It tries to auth against ldap,
LDAP doesn't do MS-CHAP.
https://networkradius.com/articles/2021/10/08/authentication-system-and-protocol-compatibility.html
> is *not* working from the CLI, and Windows
> can't connect (obviously). Is mschap even working? It looks like it is,
> but something else is misconfigured that's blocking external auth.
You can't use LDAP to do MS-CHAP authentication to Active Directory. It's impossible.
You must use Samba and ntlm_auth. See mods-available/ntlm_auth for documentation.
Alan DeKok.
More information about the Freeradius-Users mailing list