On 20/10/10 12:22, Chidanand Gangur wrote:
> Hi,
>
> I have the following setup,
>
> where a Windows host is connected to a Cisco 2960, which is connected to
> Microsoft AD via a RADIUS proxy:
>
> Windows host (XP SP3) -> Cisco 2960 -> freeRADIUS proxy (2.1.10) ->
> Microsoft AD (2003)
>
> In the above setup user authentication goes fine. I am using PEAP v1
> authentication.
>
> I am struggling hard to make host authentication successful.
>
> When the machine boots I see a RADIUS Access-Request with User-Name =
> "host/radhost1.testad1.com", which
> qualifies as an IPASS-type realm and searches for the realm "host", and
> things do not work.

No - it's not an IPASS realm. You need to disable the IPASS module.

host/machine.domain.com

corresponds to:

DOMAIN\machine$

i.e. the machine account.

The "mschap" module can expand this, for example if you have the "ntlm_auth" helper to authenticate MS-CHAP against a Windows domain using Samba as a helper:

ntlm_auth = "... --username=%{mschap:User-Name} ..."

...will do the right thing.


> Please point me to links/docs or give me a pointer on where/how to start.

Post the full debug output, not an edited version.

> Wed Oct 20 07:27:48 2010 : Info: [eap] EAP Identity
> Wed Oct 20 07:27:48 2010 : Info: [eap] processing type md5
> Wed Oct 20 07:27:48 2010 : Debug: rlm_eap_md5: Issuing Challenge

This is EAP-MD5. You have not configured your Windows client correctly. Configure it correctly for PEAP/MS-CHAP.
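The name mapping described in the reply above (host/machine.domain.com corresponding to DOMAIN\machine$), as an added Python example that is not part of the original thread and is not FreeRADIUS code. It assumes the NT domain is the first label of the machine's DNS domain, which need not hold in every Active Directory; `split_identity` and `sam_name` are hypothetical names, and every sample identity except the first is constructed.

```python
# Added illustration: models the mapping from an 802.1X User-Name to a
# Windows account name. Not FreeRADIUS source code.

SAMPLE_IDENTITIES = [
    "host/radhost1.testad1.com",  # from the post
    "TESTAD1\\alice",             # constructed
    "alice",                      # constructed
    "host/kiosk7",                # constructed: no DNS domain part
]


def split_identity(user_name):
    """Return (nt_domain, account, is_machine) for a User-Name string."""
    if user_name.lower().startswith("host/"):
        fqdn = user_name[5:]
        if not fqdn or fqdn.startswith("."):
            raise ValueError("host/ identity without a machine name")
        machine, _, dns_domain = fqdn.partition(".")
        # Assumption: the NT (NetBIOS) domain equals the first DNS label
        # after the machine name. Real domains can differ.
        nt_domain = dns_domain.split(".")[0] if dns_domain else None
        # Machine accounts carry a trailing "$".
        return nt_domain, machine + "$", True
    if "\\" in user_name:
        nt_domain, _, account = user_name.partition("\\")
        return nt_domain, account, account.endswith("$")
    # Bare user name: no domain information in the string itself.
    return None, user_name, False


def sam_name(user_name):
    """Render the identity as DOMAIN\\account, or account if no domain."""
    nt_domain, account, _ = split_identity(user_name)
    return f"{nt_domain}\\{account}" if nt_domain else account


if __name__ == "__main__":
    for ident in SAMPLE_IDENTITIES:
        domain, account, is_machine = split_identity(ident)
        kind = "machine" if is_machine else "user"
        print(f"{ident!r:32} -> {sam_name(ident)!r:22} ({kind})")
```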