Sorry, I trimmed because "everything" is the same between success and failure up until the "exec program output"...
Yes, they are domain members. FR sees only a basic MSCHAP request, no *EAP of any kind. ----- Original Message ----- From: Phil Mayers [mailto:[email protected]] Sent: Tuesday, May 10, 2011 03:55 AM To: [email protected] <[email protected]> Subject: Re: PEAP/MSCHAPv2 failing with Windows 7 On 05/09/2011 10:55 PM, Gary Gatten wrote: > > Exec-Program output: Logon failure (0xc000006d) > > Exec-Program-Wait: plaintext: Logon failure (0xc000006d) > > Exec-Program: returned: 1 > > [mschap] External script failed. > > [mschap] FAILED: MS-CHAP2-Response is incorrect > > ++[mschap] returns reject You've trimmed the debug output, so we can't see what the problem is. Don't do that. > In the PEAP properties, EAP-MSCHAP v2, if you DISABLE “automatically use > my windows logon name and password” and instead enter the credentials > manually it works. Are the machines domain members? > I should note, it appears the Aruba gear is terminating the PEAP – FR > only sees an MSCHAP request. DEFINITELY don't do that! Is it passing the PEAP inner as EAP-MSCHAPv2 or plain MS-CHAPv2? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
