[SOLVED] Re: Cisco Aironet 1240AG, PEAP and Active directory
Thanks guy, it's working fine now with the version 3.2.15 of samba For anyone have problems with ntlm_auth OK but no access-accept receive after that, use this version of samba. Freeradius 2.1.8 samba 3.2.5 Cisco Aironet 1240G Johan Meiring a écrit : Abdessamad BARAKAT wrote: I have tried verson 3.3.10 and 3.4.5. Which stable version can you recommend ? Search the list. You'll get lots of messages about it. As far as I Remember it needs to be 3.2 and below. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco Aironet 1240AG, PEAP and Active directory
On 09/02/10 20:42, Trevor Jennings wrote: Just out of curiosity, is there a reason why Samba is used in the AD authentication? Is that the only option for FreeRadius? I ask because I heard that ntlm_auth was not that stable. no problem wth stability here - version 3.2.x - where did you read/hear that it was not that stable? ntlm_auth does its work thousands of times per minute during our busy times. you need to use ntlm_auth because you are doing challenge response vs the AD - LDAP wont do the work. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco Aironet 1240AG, PEAP and Active directory
Abdessamad BARAKAT wrote: The AD authentication with ntlm_auth is working fine but just after that, the freeradius send a access-challenge to the aironet and nothing after that, no access-accept or access-reject. Change Samba. It's a bug in Samba. i.e. install a different version of Samba (downgrade, etc.) until it starts working again. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco Aironet 1240AG, PEAP and Active directory
Just out of curiosity, is there a reason why Samba is used in the AD authentication? Is that the only option for FreeRadius? I ask because I heard that ntlm_auth was not that stable. Cheers, - Trevor On Tue, Feb 9, 2010 at 3:36 PM, Alan DeKok al...@deployingradius.com wrote: Abdessamad BARAKAT wrote: The AD authentication with ntlm_auth is working fine but just after that, the freeradius send a access-challenge to the aironet and nothing after that, no access-accept or access-reject. Change Samba. It's a bug in Samba. i.e. install a different version of Samba (downgrade, etc.) until it starts working again. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco Aironet 1240AG, PEAP and Active directory
Trevor Jennings wrote: Just out of curiosity, is there a reason why Samba is used in the AD authentication? Is that the only option for FreeRadius? Samba is the only option for *anyone* to do MS-CHAP authentication against AD. Remember: AD isn't an LDAP server. LDAP servers let you query for the password. AD doesn't let you do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco Aironet 1240AG, PEAP and Active directory
I have tried verson 3.3.10 and 3.4.5. Which stable version can you recommend ? Thanks Alan Alan DeKok a écrit : Abdessamad BARAKAT wrote: The AD authentication with ntlm_auth is working fine but just after that, the freeradius send a access-challenge to the aironet and nothing after that, no access-accept or access-reject. Change Samba. It's a bug in Samba. i.e. install a different version of Samba (downgrade, etc.) until it starts working again. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco Aironet 1240AG, PEAP and Active directory
Abdessamad BARAKAT wrote: I have tried verson 3.3.10 and 3.4.5. Which stable version can you recommend ? Search the list. You'll get lots of messages about it. As far as I Remember it needs to be 3.2 and below. -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco Aironet 1240AG, PEAP and Active directory
I have tried verson 3.3.10 and 3.4.5. Which stable version can you recommend ? Version 3.0.35 is working for me. I went through the downgrade process quite a few months ago and settled on that version. It's been fine ever since. Regards, Leighton --- This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html