Freeradius Samba problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work properly in samba versions beyond 3.0.30? On samba 3.3.8 I still get the same type of error I’d get as if I didn’t have the xpextensions on my cert (Even though I do.) No response to access-challenge. If I go back to 3.0.30 it immediately works….Starting to run into a problem because 3.0.30 won’t work will 2008 r2 domain controllers. Again my cert does have the xpextensions. And it does this to all clients,, not just Microsoft. Here’s the end of my debug:

 

[mschap]        expand: --username=%{mschap:User-Name:-None} -> --username=tomtom

[mschap]        expand: %{mschap:NT-Domain} -> ADS

[mschap]        expand: --domain=%{%{mschap:NT-Domain}:-ADS} -> --domain=ADS

[mschap]  mschap2: d3

[mschap] Creating challenge hash with username: tomtom

[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ba19d84bdab789ef

[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=27a757e4b32c51011216ac7fff78219563fc14af067f3d05

Exec-Program output: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F

Exec-Program-Wait: plaintext: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F

Exec-Program: returned: 0

[mschap] adding MS-CHAPv2 MPPE keys

++[mschap] returns ok

MSCHAP Success

++[eap] returns handled

} # server inner-tunnel

[peap] Got tunneled reply code 11

        EAP-Message = 0x010c00331a030b002e533d33333133453034393739353130383137303633423342413033324339383343383832413937323736

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed

[peap] Got tunneled reply RADIUS code 11

        EAP-Message = 0x010c00331a030b002e533d33333133453034393739353130383137303633423342413033324339383343383832413937323736

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed

[peap] Got tunneled Access-Challenge

++[eap] returns handled

Sending Access-Challenge of id 17 to 172.20.4.253 port 32769

        EAP-Message = 0x010c005b19001703010050e5f53b91a3b5214c1a0f1ee21b46045f6992732a92d882e4359ed17b1dfffcb69d20d4645caa74a94ea448cd54c76c041c642d05801fa0a4f830247b30f9723884d6fbaa35f6b11398741f833bc68f08

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0xedeb59b2eae740f09f949186981dc8bc

Finished request 10.

Going to the next request

Waking up in 4.7 seconds.

Cleaning up request 3 ID 10 with timestamp +11

Cleaning up request 4 ID 11 with timestamp +11

Cleaning up request 5 ID 12 with timestamp +11

Cleaning up request 6 ID 13 with timestamp +11

Cleaning up request 7 ID 14 with timestamp +11

Cleaning up request 8 ID 15 with timestamp +11

Waking up in 0.1 seconds.

Cleaning up request 9 ID 16 with timestamp +11

Cleaning up request 10 ID 17 with timestamp +11

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

WARNING: !! EAP session for state 0xedeb59b2eae740f0 did not finish!

WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

Thomas E. Casartello, Jr.

Staff Assistant - Wireless/Linux Administrator

Information Technology

Wilson 105A

Westfield State College

(413) 572-8245

 

Red Hat Certified Technician (RHCT)

Cisco Certified Network Associate (CCNA)

 

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux