Following on an earlier thread:
http://lists.freeradius.org/pipermail/freeradius-users/2010-June/msg00116.html

To which I couldn't get any answer, unfortunately.

I am experiencing a similar problem.

I am running freeradius that comes installed and configured with MacOS
10.6 server.

A Windows XP client can connect just fine using Microsoft Protected EAP.
iPhone and Mac OS clients connect just fine using EAP-TTLS.

Windows 7 will connect fine using the Securew2 EAP-TTLS supplicant, but
not with the default built-in PEAP.

I have modified module/mschap as follows, as per various instructions:


# Microsoft CHAP authentication
#
#  This module supports MS-CHAP and MS-CHAPv2 authentication.
#  It also enforces the SMB-Account-Ctrl attribute.
#
mschap {
        #
        #  If you are using /etc/smbpasswd, see the 'passwd'
        #  module for an example of how to use /etc/smbpasswd
        authtype = MS-CHAP

        # if use_mppe is not set to no mschap will
        # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
        # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
        #
        use_mppe = yes

        # if mppe is enabled require_encryption makes
        # encryption moderate
        #
        require_encryption = yes

        # require_strong always requires 128 bit key
        # encryption
        #
        require_strong = yes

        # Windows sends us a username in the form of
        # DOMAIN\user, but sends the challenge response
        # based on only the user portion.  This hack
        # corrects for that incorrect behavior.
        #
        with_ntdomain_hack = yes

        # The module can perform authentication itself, OR
        # use a Windows Domain Controller.  This configuration
        # the "best" user name for the request.
        #
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

In the log, when connecting using Windows XP I would see:

Thu Aug 26 02:04:20 2010 : Info: rlm_sql_sqlite: sqlite3_open() = 0
Thu Aug 26 02:04:20 2010 : Info: rlm_sql_sqlite: Opening sqlite database /private/etc/raddb/sqlite_radius_client_database for #4
Thu Aug 26 02:04:20 2010 : Info: rlm_sql_sqlite: sqlite3_open() = 0
Thu Aug 26 02:04:20 2010 : Info: Ready to process requests.
Thu Aug 26 02:07:43 2010 : Auth: rlm_opendirectory: User <jean-yves.avenard> is authorized.

When connecting with Windows 7, I would read:

Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the user's uuid.
Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0


Any hint about what I should be looking at?
Mind you, I'm a complete noob when it comes to radius; I only started
playing with it 2 days ago.

Thank you for your help troubleshooting this matter.

Regards
Jean-Yves
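
Added example, not part of the original post and not FreeRADIUS code: the with_ntdomain_hack comment in the configuration above says Windows sends DOMAIN\user but bases its response on the user portion only. This Python sketch shows the effect on the MS-CHAPv2 ChallengeHash step (RFC 2759, section 8.2), using the RFC's sample challenges; the domain name EXAMPLE and the helper names are assumptions made for illustration.

```python
import hashlib


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 section 8.2: first 8 octets of
    SHA-1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def strip_nt_domain(user_name: str) -> str:
    """Drop a leading DOMAIN\\ prefix. Hypothetical helper that approximates
    the effect the config comment describes for with_ntdomain_hack."""
    if "\\" in user_name:
        return user_name.split("\\", 1)[1]
    return user_name


def server_challenge(peer: bytes, auth: bytes, received_name: str, ntdomain_hack: bool) -> bytes:
    """8-octet challenge the server derives from the name it received."""
    name = strip_nt_domain(received_name) if ntdomain_hack else received_name
    return challenge_hash(peer, auth, name)


# Sample challenges from RFC 2759 section 9.2 (user name "User").
PEER = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
AUTH = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")

if __name__ == "__main__":
    # The client hashes only the user portion ...
    client = challenge_hash(PEER, AUTH, "User")
    print("client challenge:", client.hex())
    # ... while the server receives the domain-qualified name (constructed).
    for hack in (False, True):
        server = server_challenge(PEER, AUTH, "EXAMPLE\\User", hack)
        verdict = "match" if server == client else "MISMATCH"
        print(f"ntdomain hack={hack}: server challenge {server.hex()} -> {verdict}")
    # The NT-Response is computed over this 8-octet challenge, so a mismatch
    # here means the response cannot verify even with the right password.
```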