[EMAIL PROTECTED] wrote:
on the windows client. I tried first one automatic login and then a
manual one. The CHAP log generated by Windows is as follows:
Hmph. That wasn't as useful as I'd hoped (the PPP logs are much better)
Windows sends both domain and username, but only the manual login
succeeds.
For the manual login, Windows uses DES and MD5 but for the automatic
one uses Local Security Authority, but I don't think this has
something to do with my problem, does it?
Not really - the automatic login calls out to the LSA to get the
logged-in creds. The manual login does a portion of that locally.
I've also tried other things on the client side:
Cleaned cached user credentials from regedit, just in case, but the
result is the same. I've tried using different computers and the
result is the same. Using a different supplicant (SecureW2) seemed to
work, but not using PEAP. I selected EAP-MSCHAP v2 and both automatic
and manual logins worked on my computer through SW2. Then I tried it
on another computer, and didn't work. Different accounts and the
result is the same.
I haven't tried yet bumping the debugging level in Samba. I was just
trying on the client side, but unfortunately nothing succeeded :(
Well, now I have to try things on the server side.
I doubt there's anything in the Radius server that'll help at this point.
Only two things I can think of:
1. Does your password have odd (non-ascii) characters in it? That
should NOT matter for MS-CHAP since it's explicitly unicode aware
2. Does the domain you are in have particular tight security policies
that might be preventing the LSA from successfully completing an MS-CHAP
but would allow the manual code to work?
Both are extremely unlikely.
Sorry I can't be more help
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
