help with freeradius on u24 for eduroam with ntlm auth
Rob Taylor
rgt at wi.mit.edu
Mon Sep 22 23:54:05 UTC 2025
Hi all. I'm in the process of trying to set up a freeradius instance for
eduroam.
I'm using ubuntu24 with the pre-built radius packages,
3.2.5+dfsg-3~ubuntu24.04.3
I'm following the guide from here:
https://wiki.freeradius.org/guide/eduroam
and I got the files based authentication to work, but I'm having an
issue with the ntlm authentication.
I've tested the samba part and that works, but when I try to auth to
radius using ntlm,
it gets rejected, and from what I can tell using tcpdump, it's not even
hitting the ad servers, so something is wrong before it even gets to
that point.
I'm not sure if I have the radius config wrong, or if I'm doing
something wrong with the eapol test.
I have nltm_auth in both the inner-tunnel and default in sites-enabled
in the authenticate section.
I think this is where it goes wrong:
(8) mschap: Found Cleartext-Password, hashing to create NT-Password
(8) mschap: Creating challenge hash with username: rgt at wi.mit.edu
(8) mschap: Client is using MS-CHAPv2
(8) mschap: ERROR: MS-CHAP2-Response is incorrect
(8) eap_mschapv2: [mschap] = reject
Should it be stripping the domain here? It looks like it is doing that
in other places in the config.
can someone steer me in the right direction?
Thanks.
rgt
More information about the Freeradius-Users
mailing list