Thanks Heikki. I managed to run Radiator-4.17 on the new host for the backend EAP auth part and there is no difference in behaviour.
I also upgraded the samba pkg to 4.19.8 in the hope that that fixed something in ntlm_auth but no change there either.

I went back to my original tests.

mschap-test -c succeeds
Eapol_test using a non-realm identity="username" succeeds
Eapol_test using realm identity="[email protected]" fails NT_STATUS_WRONG_PASSWORD

Running ntlm_auth manually, feeding as input what was captured from the requests going via Radiator, also succeeds and fails in the same way. Username and NT-Domain are identical and correct (base64 encoded) in each case; all that is different is LANMAN-Challenge and NT-Response.

For info, the OS upgrade was from FreeBSD 10.3 to 13.3.

Any more suggestions?

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.
________________________________
From: radiator <[email protected]> on behalf of Heikki Vatiainen via radiator <[email protected]>
Sent: 16 September 2024 2:46 PM
To: [email protected] <[email protected]>
Subject: Re: [RADIATOR] Problems with ntlm_auth for EAP inner auth after upgrade

On 13.9.2024 0.29, Jethro Binks via radiator wrote:
>
> You did mention that the OS that runs Radiator is also a new one.
> Could it be that the samba config is different enough to cause the
> change in behaviour?
>
> Mildly, as the samba version was also greater so some adjustments were
> made (upgrading samba always throws in changes). But the above tests
> are all against the same running samba on the new server. The key
> setting may be "ntlm auth = mschapv2-and-ntlmv2-only" which was unstated
> (removing it doesn't seem to make a difference to the results).

Do you think you could try the current Radiator version on the old server? That would help to learn if we could reduce the number of changed components in the whole system.

Or as an alternative, try the older Radiator version on the new system.

Thanks,
Heikki

--
Heikki Vatiainen
Radiator Software, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
