Hi,

> We've decided against using winbind / ntlm_auth. Unfortunately our AD
> environment is so sporadic and bumpy that we're desperate for another
> solution.

That really should be fixed. WHY is it bumpy and sporadic? I know a lot of people give MS grief about their product, with various names being levelled at them, but AD, when operating properly, is a solid bit of software/architecture. If it's not stable, then how will your RADIUS proxying to the NPS (which lives in AD) be stable? Why will NPS be stable, as that uses the same AD backend? Avoiding the real cause of problems isn't the way to go here IMHO. You may apply a band-aid, but if the problem is an infected stump then it's not going to help in the long term.

> Unfortunately, however, when we proxy our EAP requests through Radiator,
> NPS sends an ACCESS-REJECT back without much logging. From what I can
> tell, NPS is not responding because the RADIUS message that is proxied
> through Radiator does not have a valid NAS port type.

The event log will contain an error code. Look on the MS TechNet NPS docs for what that error code means. On NPS you will have policy/policies. If the policies aren't met, you will get a reject. Often it will be things like NAS-Port-Type (which by default is 802.11-Wireless or such). You need to either ensure that the testing tools send that attribute or that you change your policies to something else, e.g. the request is EAP or that the EAP type is PEAP or some such.

Use -N with eapol_test to send whatever you want... (well, so long as eapol_test was built with the required VSA/TLV in the dictionary files!)

alan

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
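
The NAS-Port-Type question raised in the thread above can be checked on a captured Access-Request before any NPS policy is changed. The following is an added example, not part of the original message or of Radiator, NPS or eapol_test; the function names and both sample packets are constructed for illustration.

```python
import struct

NAS_PORT_TYPE, EAP_MESSAGE = 61, 79   # RFC 2865 / RFC 3579 attribute numbers
PORT_TYPES = {15: "Ethernet", 19: "Wireless-802.11"}   # subset of RFC 2865 values

def parse_attributes(packet: bytes):
    """Return [(type, value), ...] from a raw RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length on attribute {atype}")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def policy_inputs(packet: bytes):
    """Report the attributes the reply names as possible policy conditions."""
    attrs = parse_attributes(packet)
    port = [v for t, v in attrs if t == NAS_PORT_TYPE]
    if port and len(port[0]) != 4:
        raise ValueError("NAS-Port-Type must be a 4-byte integer")
    value = struct.unpack("!I", port[0])[0] if port else None
    name = "absent" if value is None else PORT_TYPES.get(value, "unknown")
    return {"nas_port_type": value, "nas_port_type_name": name,
            "carries_eap": any(t == EAP_MESSAGE for t, _ in attrs)}

def build_request(attrs):
    """Constructed Access-Request (code 1, id 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: EAP Response/Identity for the made-up user "test".
EAP_IDENTITY = b"\x02\x00\x00\x09\x01test"
# Attribute 61 = 19 is what `eapol_test -N61:d:19` would add to the request.
WITH_TYPE = build_request([(1, b"test"), (NAS_PORT_TYPE, struct.pack("!I", 19)),
                           (EAP_MESSAGE, EAP_IDENTITY)])
WITHOUT_TYPE = build_request([(1, b"test"), (EAP_MESSAGE, EAP_IDENTITY)])

if __name__ == "__main__":
    for label, pkt in (("with", WITH_TYPE), ("without", WITHOUT_TYPE)):
        print(label, policy_inputs(pkt))
```

Feed `policy_inputs` the UDP payload of the request as it leaves the proxy; an `absent` result there, when the same request had the attribute on arrival, points at the proxy configuration rather than at NPS.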
