Hi,

> peap {
>
> default_eap_type = mschapv2
> copy_request_to_tunnel = no
> use_tunneled_reply = no

Personally, I'd advise that you set those to yes rather than no.

> File /etc/raddb/users
>
> DEFAULT Auth-Type = ntlm_auth

You don't need to do this. Ever. We do PEAP and don't have such a line - in fact, the only time you need to set this is if you need to break the system in a weird way.

> Files /etc/raddb/sites-enable/inner-tunnel and /etc/raddb/sites-enable/default
>
> authenticate {
> ....
> ntlm_auth
> ...
> }

No no no. Leave the inner-tunnel and default exactly as you found them - it will work out of the box. What guide were you following to get this working? I ask because if there is some document out there then it needs to be taken down.

> [r...@radiusserver etc]# ntlm_auth --request-nt-key --domain=MYDOMAINTEST
> --username=testuser01 --password=test
> NT_STATUS_OK: Success (0x0)

Good, that bit's fine.

> [r...@radiusserver /]# radtest testuser01 test localhost 0 teste123
> Sending Access-Request of id 51 to 127.0.0.1 port 1812
> User-Name = "testuser01"
> User-Password = "test"
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=51, length=20

And all that's done is a basic PAP test. You'd need to use more advanced tools such as eapol_test from the wpa_supplicant package for actually simulating a standard Windows client that is doing an EAP method - with an EAP test your packets would be proxied into the inner-tunnel virtual server...

alan
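
The EAP test mentioned in the reply, as an added example that is not part of the original message: a script that writes a PEAP/MSCHAPv2 network block and hands it to eapol_test. The user, password and shared secret are the test values quoted in the thread; the function names, the `ssid` placeholder and the anonymous outer identity are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread): PEAP/MSCHAPv2 test via eapol_test.
# Function names, the ssid placeholder and the outer identity are assumptions.

# Write a wpa_supplicant-style network block: PEAP outside, MSCHAPv2 inside.
# Values are inserted literally, so a password containing '"' needs escaping.
write_peap_conf() {
    out=$1; user=$2; pass=$3
    (
        umask 077   # the file holds a cleartext test password
        cat > "$out" <<EOF
network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous"
    identity="$user"
    password="$pass"
    phase2="auth=MSCHAPV2"
}
EOF
    )
}

# Run the EAP conversation against a RADIUS server.
# -c config file, -a server address, -p auth port, -s shared secret
run_peap_test() {
    cfg=$1; server=$2; secret=$3
    if ! command -v eapol_test >/dev/null 2>&1; then
        echo "eapol_test not found (it is built from the wpa_supplicant sources)" >&2
        return 127
    fi
    eapol_test -c "$cfg" -a "$server" -p 1812 -s "$secret"
}

# Usage: sh peap-test.sh run   (uses the test account quoted in the thread)
if [ "${1:-}" = "run" ]; then
    tmp=$(mktemp)
    write_peap_conf "$tmp" testuser01 test
    run_peap_test "$tmp" 127.0.0.1 teste123
    rc=$?
    rm -f "$tmp"      # do not leave the password on disk
    exit "$rc"
fi
```

Running the server in debug mode (`radiusd -X`) while this executes shows the inner MSCHAPv2 request arriving at the inner-tunnel virtual server, which the plain `radtest` PAP check never exercises.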