I'm going to conclude this as an issue with Fedora 9. I'm going to bring my 
RADIUS server down to Fedora 8. I just installed the newest version of 
FreeRADIUS on my Fedora 8 box and the EAP works fine even going to the Active 
Directory from this same access point.

Thomas E. Casartello, Jr.
Infrastructure Technician
Linux Specialist
Department of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: [EMAIL PROTECTED]

Red Hat Certified Technician (RHCT)


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello, 
Thomas
Sent: Friday, May 30, 2008 11:28 AM
To: FreeRadius users mailing list
Subject: RE: XP Extensions for PEAP/MSCHAPv2

Oh and yes, if I just send a non-EAP mschap request to the server it works.

Thomas E. Casartello, Jr.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik
Sent: Friday, May 30, 2008 11:04 AM
To: FreeRadius users mailing list
Subject: RE: XP Extensions for PEAP/MSCHAPv2

Certificates are not the problem. There is MSCHAP Success there which
means that this is inner-tunnel stuff.

Do ordinary mschap requests work?

Ivan Kalik
Kalik Informatika ISP


On 30/5/2008, "Casartello, Thomas" <[EMAIL PROTECTED]> wrote:

>Here's a snippet of the debug..
>
>radius_xlat:  '--username=tcasartello'
>radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
> mschap2: 3d
>radius_xlat:  '--challenge=c1b030c3f14da3b1'
>radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
>radius_xlat:  '--nt-response=39b7dd714f0104723f917c82db10c17738015c22186940b0'
>Exec-Program output: NT_KEY: B53F7A476F9C7D2E744175E014C5EBE6 
>Exec-Program-Wait: plaintext: NT_KEY: B53F7A476F9C7D2E744175E014C5EBE6 
>Exec-Program: returned: 0
>rlm_mschap: adding MS-CHAPv2 MPPE keys
>  modcall[authenticate]: module "mschap" returns ok for request 37
>modcall: leaving group MS-CHAP (returns ok) for request 37
>MSCHAP Success 
>  modcall[authenticate]: module "eap" returns handled for request 37
>modcall: leaving group authenticate (returns handled) for request 37
>  PEAP: Got tunneled Access-Challenge
>  modcall[authenticate]: module "eap" returns handled for request 37
>modcall: leaving group authenticate (returns handled) for request 37
>Sending Access-Challenge of id 38 to 192.168.223.1 port 1645
>        EAP-Message = 0x010a004a1900170301003f6adf2a774f5eb8ecfc6247131c81763255f6a526544dab03eb222ffc65777763c1426ce728a43fb70924d29e28f3cd3a145846d0a83a5692518aaf83d99320
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x42e8dc477d661fd07c3ccb0211ac0fac
>Finished request 37
>
>Thomas E. Casartello, Jr.
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Casartello, 
>Thomas
>Sent: Friday, May 30, 2008 10:15 AM
>To: FreeRadius users mailing list
>Subject: RE: XP Extensions for PEAP/MSCHAPv2
>
>I tried regenerating the certs using the bootstrap file (Which I saw includes 
>the XP extensions with the certs that it generates.) I'm still running into 
>the same issue. 
>
>Here's my eap and mschap config... any other info I could show to help 
>troubleshoot?
>
>Eap.conf config:
>
>        eap {
>                default_eap_type = peap
>
>                timer_expire     = 60
>                ignore_unknown_eap_types = no
>
>                cisco_accounting_username_bug = no
>                md5 {
>                }
>                leap {
>                }
>                gtc {
>                        auth_type = PAP
>                }
>                tls {
>                        private_key_password = whatever
>                        private_key_file = ${raddbdir}/certs/cert-srv.pem
>                        certificate_file = ${raddbdir}/certs/cert-srv.pem
>                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
>                        dh_file = ${raddbdir}/certs/dh
>                        random_file = /dev/urandom
>                }
>
>                peap {
>                        default_eap_type = mschapv2
>                }
>                mschapv2 {
>                }
>        }
>
>Mschap config:
>
>        mschap {
>                with_ntdomain_hack = yes
>                ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%$
>        }
>
>Thomas E. Casartello, Jr.
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
>Sent: Friday, May 30, 2008 1:41 AM
>To: FreeRadius users mailing list
>Subject: Re: XP Extensions for PEAP/MSCHAPv2
>
>Casartello, Thomas wrote:
>> I have everything working, but I believe I’ve hit the problem with the
>> OIDs windows needs for the SSL cert. I generated a key with openssl and
>> a req and I actually have a real cert assigned for the server. How do I
>> go about modifying my key and cert so that XP users will be able to
>> connect? I can connect with other OSes.
>
>  In 2.0, see raddb/certs/.  There are scripts and configurations to
>make certificates that Windows will like.
>
>  Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
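Added example, not part of the original thread or of FreeRADIUS: a small decoder for the `EAP-Message` attribute in the quoted debug output, showing why "MSCHAP Success" plus this Access-Challenge points at the inner tunnel rather than the certificates. The function names and the second sample are constructed for illustration, and the decoder assumes an unfragmented EAP-TLS-style message (first fragment, record headers in clear).

```python
import struct

# EAP-Message attribute copied from the Access-Challenge in the debug output above.
PAGE_EAP_MESSAGE = (
    "0x010a004a1900170301003f6adf2a774f5eb8ecfc6247131c81763255f6a526544dab03"
    "eb222ffc65777763c1426ce728a43fb70924d29e28f3cd3a145846d0a83a5692518aaf"
    "83d99320"
)
# Constructed sample (not from the thread): a PEAP Start request, S bit set, no TLS data.
CONSTRUCTED_PEAP_START = "0x010100061920"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def parse_eap_tls_message(hex_str):
    """Decode the EAP header, the TLS-method flags byte and each TLS record header."""
    data = bytes.fromhex(hex_str[2:] if hex_str.lower().startswith("0x") else hex_str)
    if len(data) < 6:
        raise ValueError("need at least 6 bytes: code, id, length, type, flags")
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", data[:6])
    if length != len(data):
        raise ValueError(f"EAP length field says {length}, got {len(data)} bytes")
    offset = 10 if flags & 0x80 else 6   # L bit: a 4-byte TLS message length follows
    records = []
    while offset + 5 <= len(data):
        ctype, major, minor, rlen = struct.unpack("!BBBH", data[offset:offset + 5])
        records.append((TLS_CONTENT.get(ctype, ctype), (major, minor), rlen))
        offset += 5 + rlen
    return {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "type": EAP_TYPES.get(eap_type, eap_type), "flags": flags, "records": records}


def tunnel_phase(msg):
    """'inner-tunnel' once only encrypted application data is carried, else 'handshake'."""
    kinds = [kind for kind, _version, _len in msg["records"]]
    return "inner-tunnel" if kinds and all(k == "application_data" for k in kinds) else "handshake"


if __name__ == "__main__":
    for label, sample in (("thread", PAGE_EAP_MESSAGE), ("constructed", CONSTRUCTED_PEAP_START)):
        msg = parse_eap_tls_message(sample)
        print(label, msg, tunnel_phase(msg))
```

The message from the thread decodes as an EAP Request of type PEAP carrying a single TLS 1.0 application-data record, so the TLS handshake had already completed when it was sent.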