On 02/17/2011 05:56 AM, James wrote:
> I'm attempting to get EAP MSCHAPv2 (EAP PEAP) to work with wireless so
> that our Cisco Wireless LAN Controllers can bounce user authentication
> off of Radiator.
>
> My understanding is that I should be using the
> goodies/ntlm_eap_peap.cfg configuration file to start building off of.
>
> This file indicates that there are a few moving parts that need to be
> put in place for this to work properly:
>
> (a) smb.conf file must be fleshed out
> (b) ntlm_auth must function for EAP PEAP to work
>
> Correct?
Yes, if your user database is AD.
You could use e.g., plain LDAP if you have access to {nthash}passwords
or plain text passwords. So PEAP does not necessarily imply AD.
> I'm currently stuck at ntlm_auth not functioning at all. Take this
> output as an example:
>
> # ntlm_auth --username=testuser --domain=<domain> --password='blah'
> could not obtain winbind separator!
> Reading winbind reply failed! (0x01)
> : (0x0)
>
> A quick tcpdump shows that this command DOES NOT in any way generate
> any network traffic. Doh.
>
> I guess part of my confusion is whether or not I must "net join" my
> system to the domain. Is that a requirement?
Yes. You must have winbind running, no need for smbd or nmbd, and you
must do "net ads join ..." once.
> My smb.conf file looks as follows:
>
> [global]
> # Replace 'OPEN' with the name of your Windows domain:
> workgroup = MYDOMAIN
> security = domain
> password server = *
>
> This is pretty much a one-line change from the smb.conf file found in
> the goodies directory.
>
> Any ideas on why this is failing?
Probably the missing domain join is the main thing.
Also see this:
http://www.open.com.au/pipermail/radiator/2010-February/016091.html
Please let us know of your results. The settings seem to always differ
more or less between different environments.
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
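The reply above lists the preconditions for ntlm_auth to work (winbindd running, the host joined to the domain once with "net ads join"). The following pre-flight script is an added example, not part of this thread, Radiator or Samba; it checks those preconditions in order and maps the ntlm_auth output quoted in the question to a likely cause. The function names and the diagnosis strings are this example's own.

```shell
#!/bin/sh
# Pre-flight checks for the winbind/ntlm_auth chain that goodies/ntlm_eap_peap.cfg relies on.
# Hypothetical helper written for this example; run it on the Radiator host as a user
# allowed to talk to winbindd's privileged pipe (typically root).

# Map raw ntlm_auth output to the most likely cause.
# Prints a diagnosis and returns 0 on failure output; returns 1 when the output is a success.
diagnose_ntlm_auth() {
    out="$1"
    case "$out" in
        *"could not obtain winbind separator"*|*"Reading winbind reply failed"*)
            # Exactly the symptom in the question: nothing on the wire because
            # ntlm_auth never got past the local winbindd socket.
            echo "winbindd is not running or its pipe is unreachable" ;;
        *NT_STATUS_NO_LOGON_SERVERS*|*NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND*)
            echo "winbindd cannot reach a domain controller; check the domain join and DNS" ;;
        *NT_STATUS_LOGON_FAILURE*)
            echo "domain reachable; the user's credentials were rejected" ;;
        *NT_STATUS_OK*)
            return 1 ;;
        *)
            echo "unrecognised ntlm_auth output" ;;
    esac
    return 0
}

# Run the checks in dependency order: winbindd alive, domain trust valid, then a real
# NTLM authentication for one test account. Usage: preflight DOMAIN USER PASSWORD
preflight() {
    domain="$1"; user="$2"; pass="$3"
    # wbinfo -p pings winbindd; no answer means no smb.conf tweak will help yet.
    wbinfo -p >/dev/null 2>&1 || { echo "FAIL: winbindd not answering (wbinfo -p)"; return 1; }
    # wbinfo -t verifies the machine trust account, i.e. that "net ads join" was done.
    wbinfo -t >/dev/null 2>&1 || { echo "FAIL: no valid domain trust; run 'net ads join' once"; return 1; }
    out=$(ntlm_auth --username="$user" --domain="$domain" --password="$pass" 2>&1)
    if diag=$(diagnose_ntlm_auth "$out"); then
        echo "FAIL: $diag"
        return 1
    fi
    echo "OK: ntlm_auth authenticated $domain\\$user"
    return 0
}
```

Once preflight reports OK, the same ntlm_auth binary is what Radiator calls for PEAP-MSCHAPv2, so failures after that point are in the Radiator configuration rather than in Samba.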