On Tue, 12 Jun 2007 07:56:28 +0100 "Ruslan N. Marchenko" <[EMAIL PROTECTED]> wrote: > > It seems to be not a particular question, but... > > client - winxp wireless, ap - AIR-AP1131AG-E-K9, server > 1.1.6. fresh install. > certificates generated according to CA.all (with > xp-extension and conversion to pkcs12) > Ok, tls seems to be working now. But ntlm_auth fails. It pass username with domain name, despite --username=%{Stripped-User-Name:-%{User-Name:-None}} option and with_ntdomain_hack = yes in mschapv2 section in eap.conf.
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: '--domain=headquarters' radius_xlat: '--username=headquarters\\test' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 41 radius_xlat: '--challenge=67b84c92c98d2be0' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=52471b2a1db2fa3a00a03c182551317e48acea4a4f30f393' Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 maybe there are some more options to specify in order to make it work properly? -- Olimp, System Administrator IT Dept. Fax. +380(62)381-3428 Tel. +380(62)381-3978-5 ---- Looking forward to reading yours. RUFF-RIPE DI76-GANDI RUFF-6BONE Ruslan N. Marchenko - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html