Bram Matthys (Syzop) wrote:
> I'm using FreeRadius 2.0.3. I've seen several tutorials regarding
> Freeradius 1, which help, but they are a bit outdated, and are often
> using a different authentication method or protocol (like PEAP).

TTLS with MS-CHAP2 is 99% like PEAP.

> I've verified ntlm_auth works on the command line.
> I've been following (among others)
> http://deployingradius.com/documents/configuration/active_directory.html

...

> Once this passed (I tested with radtest), I commented out both, because it
> was only for testing.

Yes.

> Side note..I had set 'wait = no' previously, due to the tutorial mentioning
> that, but then the password was always correct even if I provided an
> incorrect one.

Fixed, thanks.

> I've also been reading
> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO by
> the way, and while it did help they use PEAP (w/mschapv2) so hmm.

It should be the same.

> Anyway, back on track:
> I've taken the default radius configuration files (as of v2.0.3), and
> edited them..

You should use 2.0.4, for a number of reasons.

...

> ttls {
> default_eap_type = mschapv2

Are you using EAP-MSCHAPv2, or MS-CHAPv2? See the comments above this configuration entry in the default eap.conf file.

...

You'll also need a raddb/sites-enabled/inner-tunnel file. It's not installed in 2.0.3. This was fixed in 2.0.4.

> This is what I get using the 'rad_eap_test' tool.. since I'm working
> remotely I cannot use securew2 at the moment (if someone has another
> suggestion on how to check eap ttls w/mschapv2, let me know..

eapol_test, which comes with wpa_supplicant.

Install 2.0.4, which should help.

Alan DeKok.
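An added example, not part of the original message or of FreeRADIUS: a shell helper that writes an eapol_test configuration for EAP-TTLS with either inner method raised in the reply, plain MS-CHAPv2 (`auth=`) or EAP-MSCHAPv2 (`autheap=`). The function names, the SSID, and any identity, password, server address and shared secret passed in are assumptions; passwords containing double quotes are not handled.

```shell
#!/bin/sh
# Added example (hypothetical helper names; supply your own test credentials).

# write_ttls_conf <mschapv2|eap-mschapv2> <identity> <password> <outfile> [ca_cert]
# Writes a wpa_supplicant-style network block that eapol_test can read.
write_ttls_conf() {
    case "$1" in
        mschapv2)     phase2='auth=MSCHAPV2' ;;     # MS-CHAPv2 directly in the tunnel
        eap-mschapv2) phase2='autheap=MSCHAPV2' ;;  # EAP-MSCHAPv2 in the tunnel
        *) echo "unknown inner method: $1" >&2; return 2 ;;
    esac

    # Without ca_cert the client accepts any server certificate, so the
    # inner MS-CHAPv2 exchange can be exposed to an impostor server.
    if [ -n "${5:-}" ]; then
        ca_line="ca_cert=\"$5\""
    else
        ca_line='# ca_cert not set: server certificate is NOT validated'
    fi

    # The file holds a cleartext password: create it owner-readable only.
    (
        umask 077
        cat > "$4" <<EOF
network={
    ssid="eapol-test"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous"
    identity="$2"
    password="$3"
    phase2="$phase2"
    $ca_line
}
EOF
    )
}

# run_ttls_test <conf> <radius-server-ip> <shared-secret>
# Runs the full EAP conversation against the server on UDP port 1812.
run_ttls_test() {
    eapol_test -c "$1" -a "$2" -p 1812 -s "$3"
}
```

Generate one file per inner method and run both against the server: the variant that matches the `default_eap_type` setting and the inner-tunnel virtual server is the one that should succeed.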

