But in the EAP-TLS section from eap.conf file, I don't see any reference to MSCHAPv2....and remember the NTLM authentication query is set up in the MSCHAPv2 module....
2013/9/25 <[email protected]>: > Because your EAP-TLS process works? Remember, you set up EAP-TLS first (which > worked). > > You just configured EAP-TTLS with EAP-MSCHAPv2 as an additional > authentication method. Since the default_eap_type is set to ttls, your server > *prefers* using EAP-TTLS with EAP-MSCHAPv2, but it still supports other > methods (like EAP-TLS and PEAP with EAP-MSCHAPv2). > > Stefan > > >> -----Original Message----- >> From: freeradius-users- >> [email protected] >> [mailto:freeradius-users- >> [email protected]] On Behalf Of >> Roberto Carna >> Sent: 25 September 2013 15:44 >> To: FreeRadius users mailing list >> Subject: Re: Active Directory authentication question >> >> Dear Stephan: Notebook with Windows 7 + AP + EAP-TTLS + MSCHAPv2 + >> Freeradius + AD is working now !!! >> >> But just a doubt: if I access with my Android device, using EAP-TLS >> (not EAP-TTLS) + MSCHAPv2, I can access the same...why ??? >> >> Regards and thanks, >> >> Roberto >> >> 2013/9/25 <[email protected]>: >> > In the eap section, the default is "md5", set it to "ttls" >> > >> > And Roberto, you've emailed the entire FreeRADIUS mailing list. :-) >> > >> > Stefan >> > >> >> -----Original Message----- >> >> From: freeradius-users- >> >> [email protected] >> >> [mailto:freeradius-users- >> >> [email protected]] On Behalf >> >> bounces+Of >> >> Roberto Carna >> >> Sent: 25 September 2013 14:27 >> >> To: FreeRadius users mailing list >> >> Subject: Re: Active Directory authentication question >> >> >> >> Dear Stephan, just the last question please....in your guide you >> say: >> >> >> >> In /etc/raddb/eap.conf, change the ttls section as follows: >> >> >> >> default_eap_type = mschapv2 >> >> copy_request_to_tunnel = yes >> >> use_tunneled_reply = no >> >> >> >> That's OK....but what do I have to put in the eap section from >> >> eap.conf file??? >> >> >> >> >> >> eap { >> >> default_eap_type = ttls >> >> >> >> default_eap_type=ttls or =mschapv2 ??? >> >> >> >> Thanks a lot, >> >> >> >> Roberto >> >> >> >> >> >> 2013/9/24 <[email protected]>: >> >> > You need the following items on your Debian system to build >> >> eapol_test: >> >> > >> >> > libssl-dev, libnl1, libnl-dev >> >> > >> >> > :-) >> >> > >> >> > Stefan >> >> > >> >> >> -----Original Message----- >> >> >> From: freeradius-users- >> >> >> [email protected] >> >> >> [mailto:freeradius-users- >> >> >> [email protected]] On >> >> >> bounces+Behalf Of >> >> >> Roberto Carna >> >> >> Sent: 24 September 2013 15:17 >> >> >> To: FreeRadius users mailing list >> >> >> Subject: Re: Active Directory authentication question >> >> >> >> >> >> Dear, I'm advancing in the Freeradius + AD authentication....just >> >> >> a short question: when I want to make the eapol_test tool, I get >> >> >> this >> >> >> error: >> >> >> >> >> >> # make eapol_test >> >> >> /usr/bin/ld: cannot find -lnl >> >> >> collect2: error: ld returned 1 exit status >> >> >> make: *** [eapol_test] Error 1 >> >> >> >> >> >> I've followed all the steps to use this tool, but I can't make >> it. >> >> >> >> >> >> What can be the problem ??? >> >> >> >> >> >> Thanks >> >> >> >> >> >> >> >> >> 2013/9/24 <[email protected]>: >> >> >> > Hi Roberto, >> >> >> > >> >> >> > You have to install Kerberos, yes. I believe you'll need the >> >> >> > krb5- >> >> >> user package. >> >> >> > >> >> >> > When you install krb5-user, it should install krb5.conf for >> you, >> >> >> > but >> >> >> I'm not up to date on Debian specifically. >> >> >> > >> >> >> > Stefan >> >> >> > >> >> >> > >> >> >> >> -----Original Message----- >> >> >> >> From: Roberto Carna [mailto:[email protected]] >> >> >> >> Sent: 23 September 2013 19:16 >> >> >> >> To: Paetow, Stefan (DLSLtd,RAL,LSCI) >> >> >> >> Subject: Re: Active Directory authentication question >> >> >> >> >> >> >> >> Dear Stepahn, I use Debian 7 for my Freeradius server and >> there >> >> >> >> I've installed Samba, Winbind and krb5.conf....not Kerberos >> (or >> >> >> >> whatever the package is called). >> >> >> >> >> >> >> >> Do I need to install the Kerberos package, or simply install >> >> >> >> the krb5.conf and then edit it ??? >> >> >> >> >> >> >> >> Thanks again. >> >> >> >> >> >> >> >> Roberto >> >> >> >> >> >> >> >> 2013/9/23 <[email protected]>: >> >> >> >> > Hi Roberto, >> >> >> >> > >> >> >> >> > When in the process do you get that error? >> >> >> >> > >> >> >> >> > Here are my configuration bits. In the [global] section of >> >> >> >> > the >> >> >> >> SMB.CONF file I have: >> >> >> >> > >> >> >> >> > workgroup = DIAMOND >> >> >> >> > security = ads >> >> >> >> > realm = DIAMOND.LOCAL (my test domain) password server = IP >> >> >> address >> >> >> >> of >> >> >> >> > my primary domain controller >> >> >> >> > >> >> >> >> > Everything else is left as-is (default). My test domain is >> >> >> >> > called >> >> >> >> DIAMOND.LOCAL. >> >> >> >> > >> >> >> >> > Stefan >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> >> -----Original Message----- >> >> >> >> >> From: Roberto Carna [mailto:[email protected]] >> >> >> >> >> Sent: 23 September 2013 15:58 >> >> >> >> >> To: Paetow, Stefan (DLSLtd,RAL,LSCI) >> >> >> >> >> Subject: Re: Active Directory authentication question >> >> >> >> >> >> >> >> >> >> Dear Stephan, can you send me a complete smb.conf file >> >> >> >> >> because I am >> >> >> >> a >> >> >> >> >> bit lost in the correct configuration ? >> >> >> >> >> >> >> >> >> >> I'm getting the error: >> >> >> >> >> >> >> >> >> >> Could not connect to server 10.11.0.64 Connection failed: >> >> >> >> >> NT_STATUS_BAD_NETWORK_NAME >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > -- >> >> >> >> > This e-mail and any attachments may contain confidential, >> >> >> copyright >> >> >> >> and or privileged material, and are for the use of the >> intended >> >> >> >> addressee only. If you are not the intended addressee or an >> >> >> >> authorised recipient of the addressee please notify us of >> >> >> >> receipt by returning the e-mail and do not use, copy, retain, >> >> >> >> distribute or disclose the information in or attached to the >> e-mail. >> >> >> >> > Any opinions expressed within this e-mail are those of the >> >> >> >> > individual >> >> >> >> and not necessarily of Diamond Light Source Ltd. >> >> >> >> > Diamond Light Source Ltd. cannot guarantee that this e-mail >> >> >> >> > or any >> >> >> >> attachments are free from viruses and we cannot accept >> >> >> >> liability for any damage which you may sustain as a result of >> >> >> >> software viruses which may be transmitted in or with the >> message. >> >> >> >> > Diamond Light Source Limited (company no. 4375679). >> >> >> >> > Registered in England and Wales with its registered office >> at >> >> >> >> > Diamond House, >> >> >> >> Harwell >> >> >> >> > Science and Innovation Campus, Didcot, Oxfordshire, OX11 >> 0DE, >> >> >> >> > United Kingdom >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > This e-mail and any attachments may contain confidential, >> >> copyright >> >> >> and or privileged material, and are for the use of the intended >> >> >> addressee only. If you are not the intended addressee or an >> >> >> authorised recipient of the addressee please notify us of receipt >> >> >> by returning the e-mail and do not use, copy, retain, distribute >> >> >> or disclose the information in or attached to the e-mail. >> >> >> > Any opinions expressed within this e-mail are those of the >> >> >> > individual >> >> >> and not necessarily of Diamond Light Source Ltd. >> >> >> > Diamond Light Source Ltd. cannot guarantee that this e-mail or >> >> >> > any >> >> >> attachments are free from viruses and we cannot accept liability >> >> >> for any damage which you may sustain as a result of software >> >> >> viruses which may be transmitted in or with the message. >> >> >> > Diamond Light Source Limited (company no. 4375679). Registered >> >> >> > in England and Wales with its registered office at Diamond >> >> >> > House, >> >> >> Harwell >> >> >> > Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, >> >> >> > United Kingdom >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> - >> >> >> List info/subscribe/unsubscribe? See >> >> >> http://www.freeradius.org/list/users.html >> >> > >> >> > -- >> >> > This e-mail and any attachments may contain confidential, >> copyright >> >> and or privileged material, and are for the use of the intended >> >> addressee only. If you are not the intended addressee or an >> >> authorised recipient of the addressee please notify us of receipt by >> >> returning the e-mail and do not use, copy, retain, distribute or >> >> disclose the information in or attached to the e-mail. >> >> > Any opinions expressed within this e-mail are those of the >> >> > individual >> >> and not necessarily of Diamond Light Source Ltd. >> >> > Diamond Light Source Ltd. cannot guarantee that this e-mail or any >> >> attachments are free from viruses and we cannot accept liability for >> >> any damage which you may sustain as a result of software viruses >> >> which may be transmitted in or with the message. >> >> > Diamond Light Source Limited (company no. 4375679). Registered in >> >> > England and Wales with its registered office at Diamond House, >> >> Harwell >> >> > Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, >> >> > United Kingdom >> >> > >> >> > >> >> > >> >> > >> >> > - >> >> > List info/subscribe/unsubscribe? See >> >> > http://www.freeradius.org/list/users.html >> >> - >> >> List info/subscribe/unsubscribe? See >> >> http://www.freeradius.org/list/users.html >> > >> > -- >> > This e-mail and any attachments may contain confidential, copyright >> and or privileged material, and are for the use of the intended >> addressee only. If you are not the intended addressee or an authorised >> recipient of the addressee please notify us of receipt by returning the >> e-mail and do not use, copy, retain, distribute or disclose the >> information in or attached to the e-mail. >> > Any opinions expressed within this e-mail are those of the individual >> and not necessarily of Diamond Light Source Ltd. >> > Diamond Light Source Ltd. cannot guarantee that this e-mail or any >> attachments are free from viruses and we cannot accept liability for >> any damage which you may sustain as a result of software viruses which >> may be transmitted in or with the message. >> > Diamond Light Source Limited (company no. 4375679). Registered in >> > England and Wales with its registered office at Diamond House, >> Harwell >> > Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United >> > Kingdom >> > >> > >> > >> > >> > - >> > List info/subscribe/unsubscribe? See >> > http://www.freeradius.org/list/users.html >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > -- > This e-mail and any attachments may contain confidential, copyright and or > privileged material, and are for the use of the intended addressee only. If > you are not the intended addressee or an authorised recipient of the > addressee please notify us of receipt by returning the e-mail and do not use, > copy, retain, distribute or disclose the information in or attached to the > e-mail. > Any opinions expressed within this e-mail are those of the individual and not > necessarily of Diamond Light Source Ltd. > Diamond Light Source Ltd. cannot guarantee that this e-mail or any > attachments are free from viruses and we cannot accept liability for any > damage which you may sustain as a result of software viruses which may be > transmitted in or with the message. > Diamond Light Source Limited (company no. 4375679). Registered in England and > Wales with its registered office at Diamond House, Harwell Science and > Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
