On 30/08/11 21:12, Glenn Machin wrote:
Phil - thanks for the feedback.

I just ended up proxying out to the IAS server usernames starting with
"DOMAIN\".

OK. Obviously that will fail if someone enters their wireless credentials without a domain.


I configured the freeradius server to not support mschapv2 but will
support PEAP/GTC EAP/TLS.


It seems to be working fine with the Macs, iPads and Linux systems while
the Windows systems are happy to talk to the IAS server.


It still bugs me that ntlm_auth would not authenticate to the domain
controllers the challenge and nt-response.

I repeat: if you send debug info, people may be able to help.



I assume no one else is having any issues using ntlm_auth to W2008
servers? It may be some Windows GPO at our site for all I know.

Exactly which version of Windows (2008 or 2008R2?) and at which functional level is your domain?

Did you try increasing the debug level for winbind using "smbcontrol" and then examining the debug logs after a failed auth?

For what it's worth, we have no problems with Windows 2008R2 domain controllers and the "samba3x" package available under RHEL5 (samba version 3.5.4-0.70.el5). We did have problems with earlier (Samba 3.3) versions after we'd upgraded to 2008R2 and upgraded functional level.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
