Re: PEAP - AD Disabled

2010-06-27 Thread Alan Buxey
Hi, Isn't the same certificate used in the TLS tunnel for TTLS? Anyhow, it appears to be something to do with the person who configured Samba. They clustered the servers and the privileges changed in /var/cache/samba/winbind_privileged. That directory has been one of the biggest problems

RE: PEAP - AD Disabled

2010-06-25 Thread Danner, Mearl
Have you checked the certificate? That's one major difference. ntlm-auth is the auth after the cert conversation in PEAP is done. Maybe a radiusd -X log to help us along? From: freeradius-users-bounces+jmdanner=samford@lists.freeradius.org

Re: PEAP - AD Disabled

2010-06-25 Thread Phil Mayers
On 25/06/10 14:21, Nathan McDavit-Van Fleet wrote: Okay, I’ve had a working config with the following for the past month. TTLS-LDAP PEAP-AD PEAP-Local Users File After a month running everything perfectly, 3 days ago the “PEAP-AD” portion of the AAA failed. This is for wireless auth.

RE: PEAP - AD Disabled

2010-06-25 Thread Nathan McDavit-Van Fleet
+nmcdavit=alcor.concordia...@lists.freeradius.org] On Behalf Of Danner, Mearl Sent: Friday, June 25, 2010 9:34 AM To: FreeRadius users mailing list Subject: RE: PEAP - AD Disabled Have you checked the certificate? That's one major difference. ntlm-auth is the auth after the cert conversation

RE: PEAP + AD

2006-05-25 Thread Chris Liles
If you read the FAQ it says that you can't do CHAP with LDAP. [speculation] But I have also read about some guy successfully using OpenLDAP with PEAP because he stored the LM and NT password hashes in the ldap schema along with the clear text password. With AD I suppose you could extend the

Re: PEAP + AD

2006-05-25 Thread Alan DeKok
Kartthik Raghunathan [EMAIL PROTECTED] wrote: Am trying to authenticate my Windows supplicant (i.e. XP with SP2) with PEAP against the Windows 2000 AD. But in the error log I could see Accept-Reject error message. So I need a clarification here, is't necessary to get samba on with active

Re: PEAP + AD

2006-05-25 Thread Alan DeKok
Chris Liles [EMAIL PROTECTED] wrote: But I have also read about some guy successfully using OpenLDAP with PEAP because he stored the LM and NT password hashes in the ldap schema along with the clear text password. With AD I suppose you could extend the schema to store these as well, but you'd

RE: PEAP + AD

2006-05-25 Thread Chris Liles
services? -- Chris Liles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Thursday, May 25, 2006 11:36 AM To: FreeRadius users mailing list Subject: Re: PEAP + AD Chris Liles [EMAIL PROTECTED] wrote: But I have also read about some

Re: PEAP + AD

2006-05-25 Thread Alan DeKok
Chris Liles [EMAIL PROTECTED] wrote: What hooks are you talking about? The extensions for unix services? No. There are APIs in Windows to catch password changes, and pass them through your own code. That code can then *also* write the password to a different part of the AD schema. For