Jean-Philippe Ghibaudo wrote: > I need to have EAP-TTLS working with LDAP bind and PEAP-MSCHAPV2 with > Samba + Winbind + Active Directory.
That should be possible. Follow the guides, and it should work. > I've got winbind very unstable... I can successfully authenticate using > eapol_test but a few minutes later, I've got a > MPPE keys mismatch. If I restart winbind, I can authenticate few times > and then, it stops working. That sounds like a Samba problem. See https://bugzilla.samba.org/show_bug.cgi?id=6563 > I'm not really sure to understand how I have to set "Auth-Type" in > inner-tunnel and/or default (sites-enabled). Don't. Leave the defaults alone. Only make the changes which are recommended by the guides (e.g. deployingradius.com) > I've got : ... > in the authenticate section. I've got mschap then ldap in authorize section. > > Is there a mistake here ? No. > This is the end of the output of eapol_test for PEAP when it fails : .. > EAP-MSCHAPV2: Invalid authenticator response in success request It looks like that Samba bug. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html