[RADIATOR] eap peap + ntlm_auth
James
jtp at nc.rr.com
Wed Feb 16 21:56:04 CST 2011
I'm attempting to get EAP MSCHAPv2 (EAP PEAP) to work with wireless so
that our Cisco Wireless LAN Controllers can bounce user authentication
off of Radiator.
My understanding is that I should be using the
goodies/ntlm_eap_peap.cfg configuration file to start building off of.
This file indicates that there are a few moving parts that need to be
put in place for this to work properly:
(a) smb.conf file must be fleshed out
(b) ntlm_auth must function for EAP PEAP to work
Correct?
I'm currently stuck at ntlm_auth not functioning at all. Take this
output as an example:
# ntlm_auth --username=testuser --domain=<domain> --password='blah'
could not obtain winbind separator!
Reading winbind reply failed! (0x01)
: (0x0)
A quick tcpdump shows that this command DOES NOT in any way generate
any network traffic. Doh.
I guess part of my confusion is whether or not I must "net join" my
system to the domain. Is that a requirement?
My smb.conf file look as follows:
[global]
# Replace 'OPEN' with the name of your Windows domain:
workgroup = MYDOMAIN
security = domain
password server = *
This is pretty much a one-line change from the smb.conf file found in
the goodies directory.
Any ideas on why this is failing?
-james
More information about the radiator
mailing list