Yikes! Sent to the wrong listserv. My apologies folks! Thomas E. Casartello, Jr. Staff Assistant - Wireless/Linux Administrator Information Technology Wilson 105A Westfield State College From: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:users-bounces@xxxxxxxxxxxxxxxxxxxxxxx]
On Behalf Of Casartello, Thomas Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work properly in samba versions beyond 3.0.30? On samba 3.3.8 I still get the same type of error I’d get as if I didn’t have the xpextensions on my cert (Even though I do.) No
response to access-challenge. If I go back to 3.0.30 it immediately works….Starting to run into a problem because 3.0.30 won’t work will 2008 r2 domain controllers. Again my cert does have the xpextensions. And it does this to all clients,, not just Microsoft.
Here’s the end of my debug: [mschap] expand: --username=%{mschap:User-Name:-None} -> --username=tomtom [mschap] expand: %{mschap:NT-Domain} -> ADS [mschap] expand: --domain=%{%{mschap:NT-Domain}:-ADS} -> --domain=ADS [mschap] mschap2: d3 [mschap] Creating challenge hash with username: tomtom [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ba19d84bdab789ef [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=27a757e4b32c51011216ac7fff78219563fc14af067f3d05 Exec-Program output: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F
Exec-Program-Wait: plaintext: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F
Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010c00331a030b002e533d33333133453034393739353130383137303633423342413033324339383343383832413937323736 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010c00331a030b002e533d33333133453034393739353130383137303633423342413033324339383343383832413937323736 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 17 to 172.20.4.253 port 32769 EAP-Message = 0x010c005b19001703010050e5f53b91a3b5214c1a0f1ee21b46045f6992732a92d882e4359ed17b1dfffcb69d20d4645caa74a94ea448cd54c76c041c642d05801fa0a4f830247b30f9723884d6fbaa35f6b11398741f833bc68f08 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xedeb59b2eae740f09f949186981dc8bc Finished request 10. Going to the next request Waking up in 4.7 seconds. Cleaning up request 3 ID 10 with timestamp +11 Cleaning up request 4 ID 11 with timestamp +11 Cleaning up request 5 ID 12 with timestamp +11 Cleaning up request 6 ID 13 with timestamp +11 Cleaning up request 7 ID 14 with timestamp +11 Cleaning up request 8 ID 15 with timestamp +11 Waking up in 0.1 seconds. Cleaning up request 9 ID 16 with timestamp +11 Cleaning up request 10 ID 17 with timestamp +11 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0xedeb59b2eae740f0 did not finish! WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Thomas E. Casartello, Jr. Staff Assistant - Wireless/Linux Administrator Information Technology Wilson 105A Westfield State College (413) 572-8245 Red Hat Certified Technician (RHCT) Cisco Certified Network Associate (CCNA) |
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines