James Yale wrote: > With a default configuration EAP works with a user specified in the > users file with a cleartext password > (http://jim.geezas.com/stuff/radius-debugging/ *-success.log files). > This works via eapol and a Mac test client.
Ah. > As soon as I enable the MSCHAP module (uncommenting the ntlm auth > line) all authentication queries the AD here, so the locally > configured user fails. When I try a user configured in the AD I'm > getting: > > EAP-MSCHAPV2: Invalid authenticator response in success request Upgrade Samba. If you're not using at least 3.2.1, upgrade to that. > http://jim.geezas.com/stuff/radius-debugging/ *-failure.log), the > message authenticator does seem to be invalid, No. eapol_test is saying that the MSCHAP response is invalid. > Has anyone seen this problem before, or am I looking in the wrong place? Others have seen exactly the same thing in the past weeks. Upgrading Samba fixed it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
