On 05/10/2011 03:00 PM, Garber, Neal wrote:
In the PEAP properties, EAP-MSCHAP v2, if you DISABLE
"automatically use my windows logon name and password" and instead
enter the credentials manually it works.
Look at:
http://freeradius.1045715.n5.nabble.com/MSCHAP-Authentication-Issue-td2785146.html
to see if this is your problem (look at the table in the post). If
so and you're running a version< 2.1.10, upgrade as this problem is
fixed in 2.1.10..
One additional note: the fixes that went into 2.1.10 extract (verbatim)
the client username from the EAP-MSCHAPv2 response, and pass that
through to the rlm_mschap module as an extra attribute.
This won't work for the OP even under 2.1.10, because his Aruba kit is
terminating the PEAP, and then proxying the EAP-MSCHAPv2 as plain
MS-CHAPv2, so (as advised elsewhere) he'll still need to change that.
You're almost certainly right about the cause/fix.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
