Hi,
Isn't the same certificate used in the TLS tunnel for TTLS?
Anyhow, it appears to be something to do with the person who configed Samba.
They clustered the servers and the privileges changes in
/var/cache/samba/winbind_privileged. That directory has been one of the
biggest problems
Have you checked the certificate? That's one major difference. ntlm-auth is the
auth after the cert conversation in PEAP is done.
Maybe a radiusd -X log to help us along?
From: freeradius-users-bounces+jmdanner=samford@lists.freeradius.org
On 25/06/10 14:21, Nathan McDavit-Van Fleet wrote:
Okay,
I’ve had a working config with the following for the past month.
TTLS-LDAP
PEAP-AD
PEAP-Local Users File
After a month running everything perfectly, 3 days ago the “PEAP-AD”
portion of the AAA failed. This is for wireless auth.
+nmcdavit=alcor.concordia...@lists.freeradius.org] On Behalf Of
Danner, Mearl
Sent: Friday, June 25, 2010 9:34 AM
To: FreeRadius users mailing list
Subject: RE: PEAP - AD Disabled
Have you checked the certificate? That's one major difference. ntlm-
auth is the auth after the cert conversation
If you read the FAQ is says that you can't do CHAP with LDAP.
[speculation]
But I have also read about some guy successfully using OpenLDAP with PEAP
because he stored the LM and NT password hashes in the ldap schema along with
the clear text password. With AD I suppose you could extend the
Kartthik Raghunathan [EMAIL PROTECTED] wrote:
Am trying to authenticate my windows supplicant (ie. XP with sp2)
with peap against the windows 2000 AD. But in the error log i could
see Accept-Reject error message. So i need a clarification here,
is't necessary to get samba on with active
Chris Liles [EMAIL PROTECTED] wrote:
But I have also read about some guy successfully using OpenLDAP with
PEAP because he stored the LM and NT password hashes in the ldap
schema along with the clear text password. With AD I suppose you
could extend the schema to store these as well, but you'd
services?
--
Chris Liles
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Thursday, May 25, 2006 11:36 AM
To: FreeRadius users mailing list
Subject: Re: PEAP + AD
Chris Liles [EMAIL PROTECTED] wrote:
But I have also read about some
Chris Liles [EMAIL PROTECTED] wrote:
What hooks are you talking about? The extensions for unix services?
No. There are API's in Windows to catch password changes, and pass
them through your own code. That code can then *also* write the
password to a different part of the AD schema.
For
9 matches
Mail list logo