> > We run Debian, and we currently have our samba packages pinned at version > 2:3.0.30-3 due to this issue: > > http://lists.freeradius.org/pipermail/freeradius-users/2009-February/msg00289.html > > See the Debain APT manual for information on package pinning.
Thanks Mike! I'll look into this a bit more although as you say I am not quite having that issue (yet). :-> > > That said, your debug output (if that was all of it) didn't seem to suggest > you're running into this particular issue just yet. I say that because your > EAP exchange never progresses to the point where ntlm_auth is executed by > FreeRADIUS. Things seem to be hanging right after the outer TLS tunnel is > established, which may point to a certificate problem. Are you sure your > server certificate is OK? I am not sure that it is, I am a noob. I built freeradius from the current stable source, but I used apt to install openssl. My understanding was that when I fired freeradius up for the first time it would automatically populate /etc/freeradius/certs with all of the files necessary to make a proper peap connection. Can you suggest a way to test the cert? Wireshark tells me that my 3Com 3226 switch is sending an eap reject immediately after I connect the supplicant to a port protected with .1x. I don't see any traffic between the switch and freeradius so I am wondering if the switch doesn't support peap? Perhaps I should back off and try md5 or something? Also since I am throwing out the litany of my ignorance I haven't solved in a good way a complaint that I get when I am testing via 'wbinfo -a username%password'. I've had to chmod 777 /var/run/samba/winbindd_privileged in order to use the socket, of course restarting winbind resets the perms here. I saw something about enabling extending acls's on the file system to work around this issue. I'd be interested to know what you ended up doing. Thanks for the reply! John > > Mike Loosbrock > Bethel University Network Services > 651-638-6723 > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
