Isn't the same certificate used in the TLS tunnel for TTLS? Anyhow, it appears to be something to do with the person who configed Samba. They clustered the servers and the privileges changes in /var/cache/samba/winbind_privileged. That directory has been one of the biggest problems we've had so far.
Thanks, Nathan Van Fleet Telecommunications Analyst Network Assessment and Integration IITS Concordia University (514) 848-2424 Extension:5434 > -----Original Message----- > From: freeradius-users- > [email protected] > [mailto:freeradius-users- > [email protected]] On Behalf Of > Danner, Mearl > Sent: Friday, June 25, 2010 9:34 AM > To: FreeRadius users mailing list > Subject: RE: PEAP - AD Disabled > > Have you checked the certificate? That's one major difference. ntlm- > auth is the auth after the cert conversation in PEAP is done. > > Maybe a radiusd -X log to help us along? > > > From: freeradius-users- > [email protected] [mailto:freeradius- > [email protected]] On Behalf Of > Nathan McDavit-Van Fleet > Sent: Friday, June 25, 2010 8:22 AM > To: 'FreeRadius users mailing list' > Subject: PEAP - AD Disabled > > Okay, > > I've had a working config with the following for the past month. > > TTLS->LDAP > PEAP->AD > PEAP->Local Users File > > After a month running everything perfectly, 3 days ago the "PEAP-AD" > portion of the AAA failed. This is for wireless auth. > > Strangely, I can still auth from the CLI using ntlm_auth and wbinfo. So > it appears as if the Samba connection to the AD is fine. Nothing has > changed config wise between then and now, and I haven't found any > interesting log information. You just get a "Login incorrect" when you > try to login via PEAP->AD. Everything else is verified as working. > > Aside from Freeradius itself, what are the differences between using > ntlm_auth via CLI and via Freeradius? > > Nathan Van Fleet > Telecommunications Analyst > Network Assessment and Integration > IITS Concordia University > (514) 848-2424 Extension:5434 > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
