Il 20/01/2012 11:55, Phil Mayers ha scritto:
If that's really all you've changed, there must be something wrong with
Samba; it's getting the final crypto blob wrong, and the client is
dropping the packets. You'll need to investigate and fix this.
Just tested with radtest (have had to use
Mschap v1 doesn't validate the reply from server to client, which is what is
failing with eapol_test. Therefore you're not testing the same path.
Try using a local i.e. non samba user to test. I am sure the problem is with
your samba daemon.
--
Sent from my phone. Please excuse brevity and
Phil Mayers p.may...@imperial.ac.uk wrote:
Mschap v1 doesn't validate the reply from server to client, which is
what is failing with eapol_test. Therefore you're not testing the same
path.
Try using a local i.e. non samba user to test. I am sure the problem is
with your samba daemon.
--
Sent
I mentioned exactly that last week but he disregarded it!
Subject: Re: eapol_test giving up and win-like error?
From: p.may...@imperial.ac.uk
Date: Mon, 23 Jan 2012 10:12:08 +
To: freeradius-users@lists.freeradius.org
Phil Mayers p.may...@imperial.ac.uk wrote:
Mschap v1 doesn't
Il 23/01/2012 11:02, Phil Mayers ha scritto:
Mschap v1 doesn't validate the reply from server to client, which is what is
failing with eapol_test. Therefore you're not testing the same path.
So radtest isn't actually equivalent to eapol_test. It's just another
step for testing.
Try using a
Il 19/01/2012 13:01, Phil Mayers ha scritto:
I'm not sure what the problem is then. From your original post, the
authentication is failing at the *client*, in the inner EAP section.
This normally means the final MSCHAP response is invalid, which only
happens if some crypto has gone wrong
On 01/20/2012 10:30 AM, NdK wrote:
Il 19/01/2012 13:01, Phil Mayers ha scritto:
I'm not sure what the problem is then. From your original post, the
authentication is failing at the *client*, in the inner EAP section.
This normally means the final MSCHAP response is invalid, which only
happens
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
Hmm. I see from your original email that Samba ntlm_auth are succeeding.
There are a couple of buggy version of Samba out there that return
invalid response values, and generate these
Il 19/01/2012 10:03, Phil Mayers ha scritto:
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
These (plus the timeout one) are the lines printed after FR have already
cloded session.
Hmm. I see from your original email that Samba
On 19/01/12 11:07, NdK wrote:
Il 19/01/2012 10:03, Phil Mayers ha scritto:
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
These (plus the timeout one) are the lines printed after FR have already
cloded session.
Yes.
Hmm. I see
Hi all.
I think I'm near to correctly configure my server... but I incur in a
situation that IIUC should be related to win clients only: I get
-8--
WARNING:
!!
WARNING: !! EAP session for state 0x6ac8f8c260c3e171 did not finish!
NdK wrote:
I think I'm near to correctly configure my server... but I incur in a
situation that IIUC should be related to win clients only: I get
...
message and *eapol_test* (run from a *linux* machine!) gives up after
about 10 seconds.
Then read the error messages from eapol_test. Why
Il 18/01/2012 15:25, Alan DeKok ha scritto:
NdK wrote:
I think I'm near to correctly configure my server... but I incur in a
situation that IIUC should be related to win clients only: I get
...
message and *eapol_test* (run from a *linux* machine!) gives up after
about 10 seconds.
Then
13 matches
Mail list logo