Did you enable the "WITH NT DOMAIN HACK" in your MSCHAP module?
Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 From: freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.o rg] On Behalf Of Johnson, Neil M Sent: Thursday, October 28, 2010 9:48 AM To: freeradius-users@lists.freeradius.org Subject: Authenticating agains AD issues I've been following the reciepe on the "Deploying RADIUS" web site, but I have been unable to get an iPhone or Laptop to authenticate to wireless. It appears from the log that ntlm_auth is behaving correctly but the the challenge continues. I'm running 2.1.9 on Fedora 12 using the demonstration certificates. Here is the last part of the log file: Thanks in advance. -Neil [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for nmjoo with NT-Password [mschap] expand: %{Stripped-User-Name} -> [mschap] ... expanding second conditional [mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [mschap] expand: %{User-Name:-None} -> IOWA\nmjoo [mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=IOWA\nmjoo [mschap] mschap2: 5e [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=13fe382b60e3bba9 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=24bf15cdc812e5f7fb9723f21143bb775b24a1914870caf0 Exec-Program output: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38 Exec-Program-Wait: plaintext: NT_KEY: 0FD5C0593F3B79F0478DB821B51BCB38 Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010a00331a0309002e533d364637444633304644363834324235424237384637364543 39423230454534453639434431463338 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9b59f55f9a53ef43871eb82ef0802a05 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a00331a0309002e533d364637444633304644363834324235424237384637364543 39423230454534453639434431463338 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9b59f55f9a53ef43871eb82ef0802a05 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 112 to 128.255.11.74 port 32768 EAP-Message = 0x010a005b19001703010050f59dec82774ce4b8dc5bb542e29881b2cb321a7136c39e4f 1a498708fa2515da475f29ec726bd310dd96ab7ae6de4a85f079285567b375a7fa02d137 f9d0d2adcf75dc887c91c50a41e041c13b370882 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa489d972ac83c05d8d6d2302f3fa3977 Finished request 17. Going to the next request Waking up in 3.2 seconds. Cleaning up request 0 ID 95 with timestamp +9 Cleaning up request 1 ID 96 with timestamp +9 Cleaning up request 2 ID 97 with timestamp +9 Cleaning up request 3 ID 98 with timestamp +9 Cleaning up request 4 ID 99 with timestamp +9 Cleaning up request 5 ID 100 with timestamp +9 Cleaning up request 6 ID 101 with timestamp +9 Cleaning up request 7 ID 102 with timestamp +9 Cleaning up request 8 ID 103 with timestamp +9 Waking up in 1.0 seconds. Cleaning up request 9 ID 104 with timestamp +10 Cleaning up request 10 ID 105 with timestamp +10 Cleaning up request 11 ID 106 with timestamp +10 Cleaning up request 12 ID 107 with timestamp +10 Cleaning up request 13 ID 108 with timestamp +10 Cleaning up request 14 ID 109 with timestamp +10 Cleaning up request 15 ID 110 with timestamp +10 Cleaning up request 16 ID 111 with timestamp +10 Cleaning up request 17 ID 112 with timestamp +10 Ready to process requests. -- Neil Johnson Network Engineer Information Technology Services The University of Iowa Work: 319 384-0938 Mobile: 319 540-2081 Fax: 319 355-2618 E-mail: neil-john...@uiowa.edu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html