Are you using vista supplicant? By reading the last lines of your radius debug file it seems so...
See earlier posts with subject: "PEAP or TTLS and Microsoft Vista". Sex, 2008-07-25 às 17:10 +0000, Reveal MAP escreveu: > > > > installing ca.der and putting user && pass into client machine, the > authentication doesn't work? > > -- no, it doesn't! > > > you only need ca.der but, if you have an active directory like > LDAP, > check if your comunication with AD server also have tls > authentication. > Into ldap module you can configurate another tls block, which it's > different than tls block into eap module. > > -- Well, the howto espalaining how freeradius has to authenticate > users against Active Directory says nothing about ldap config files on > linux server. it just gives tips about samba, using winbind, > ntlm_auth, krb5.conf, nsswitch.conf and mschap module in freeradius. > I ever success this kind of authentication without reading or changing > a line of ldap module in freeradius. > and i think, authenticating users against Openldap won't be managed > like authentication of freeradius using active directory. > > >I don't know if it is your problem, but I suppose that comunication > between ldap server and radius can have different certificates, from > different ca's than eap comunication. > > > my wireless network is secured with wpa/wpa2 entreprise, requiring a > RADIUS server to perform authentication. so i am doing 802.1x > authentication which exploit a valid PKI,regardless of the base of > users. this is how i understand it. > > > If it is your problem, I would > check it. also would be good you post de debug of radius to see which > certificate can't validate. > > see the logf there: http://tinypaste.com/5b99b > active and valid user is: > login: glouglou > password: glouglou > > aaa:~ # ntlm_auth --username=glouglou --request-nt-key --domain=PLUTON > password: > NT_STATUS_OK: Success (0x0) > aaa:~ # > > > :/ Any help will be appreciated. these days i am wondering about > validity of the Server certificate! > I have to tell you that, in my case, if i try a peap authentication > against Active Directoiry with wrong users credentials, i have an > error message saying that login or password is incorrect. with good > users credential, i just obtain what you can see in the Radiusd -X > output (http://tinypaste.com/5b99b) > > thank you > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > ______________________________________________________________________ > Envoyé avec Yahoo! Mail. > Une boite mail plus intelligente. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html