>Put a test user in the "users" file: >test Cleartest-Password := "blah", MS-CHAP-Use-NTLM-Auth := 0
TTLS/MSCHAPV2 works! STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station MS-MPPE-Send-Key (sign) - hexdump(len=32): 3f 44 63 81 21 70 77 27 c0 b8 f7 fd fb 83 9b 16 6c 15 e5 dd 09 29 32 0c 8c 0e 78 41 b6 a7 9b c7 MS-MPPE-Recv-Key (crypt) - hexdump(len=32): c2 48 21 44 3a 14 c1 7a f2 58 9b 0f e5 7c ab 80 6b b5 ff 58 62 46 b7 32 86 fd ee eb eb 38 46 69 decapsulated EAP packet (code=3 id=8 len=4) from RADIUS server: EAP Success EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Success EAP: EAP entering state SUCCESS CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required WPA: EAPOL processing complete EAPOL: SUPP_PAE entering state AUTHENTICATED EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state SUCCESS EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=1 PMK from EAPOL - hexdump(len=32): c2 48 21 44 3a 14 c1 7a f2 58 9b 0f e5 7c ab 80 6b b5 ff 58 62 46 b7 32 86 fd ee eb eb 38 46 69 EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit ENGINE: engine deinit MPPE keys OK: 1 mismatch: 0 SUCCESS > >> If that still fails, then there's something wrong with the system >that breaks the server in 2.0.5. > >Running Samba 3.2.0 on Fedora 9 >Your problem is very odd. I'm using 2.0.5 on RHEL5 with ntlm_auth and >it's working fine. >The only time I've seen eapol_test fail with "mismatch" is when I've >failed to strip the DOMAIN\ or @DOMAIN.COM from usernames with realms >and this has confused the key hashing - but your usernames are >unadorned. >Perhaps the Samba version in F9 has problems? What OS and samba version >is your (working) 1.1.7 server running? Samba 3.0.28 for fc7 Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
