Hi,
I'm new to the list, I did a search of the archive
but could not see anything near the issue I'm having.
I've managed to get Wireless 802.1x EAP PEAP
working great.
Next step is to get WinXP to machine authenticate,
this is where I'm having a problem.
WinXP machine is a member of a samba domain. From
samba I have exported the NT password for the machine (pdbedit -w
-L).
I create an entry in the users file
"gscott-lt" NT-Password := 0x043255
etc...
I also have an entry for an actual user (which
works fine)
"giles" NT-Passwor := 0x343554 etc
When the machine attempts to authenticates
freeradius reports a MSCHAP error. The debug does show it finds the user name
and that it has a NT Password.
any ideas? has anyone got .1x machine
authentication working with freeradius ?
Also I had to hack around with the source code as I
have the with_ntdomain_hack enabled which caused peap to complain. I took out
the check to see if the user name had changed since the start of the
authentication. basically I am cutting gscott-lt\\giles to just giles,
and for machine auth host/gscott-lt1 to just gscott-lt. I know its nasty
and not secure but at the moment I'm just testing in a lab.
Cheers
Giles Scott
|