Hi James,
Make sure your computer is joined to the domain. I followed the following instructions:
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

You don't need nsswitch or pam modification. As long as you have successfully joined the domain you are OK.

If you have a problem joining your machine to the domain, the best place to look for help is the Samba mailing list (http://lists.samba.org).

In regards to Radiator, here is my simplified client + handler config. I hope it helps.

Regards,
Rianto

<Client 10.0.0.1>
    Identifier Eduroam-Server
    Secret xxxxx
</Client>

<Handler Client-Identifier=Eduroam-Server, TunnelledByTTLS=1,Realm=/(latrobe|ltu).*/i>
    RewriteUsername s/^\@.*//
    # Auth against AD with ntlm_auth
    <AuthBy NTLM>
        EAPType MSCHAP-V2
        Domain LTU
        UsernameMatchesWithoutRealm
    </AuthBy>
</Handler>

#OUTER - CERTIFICATES
<Handler Client-Identifier=Eduroam-Server>
    <AuthBy FILE>
        Filename %D/users
        EAPType PEAP,TTLS,TLS,LEAP
        EAPAnonymous %{User-Name}
        EAPTLS_CAPath /etc/radiator/certs/ca
        EAPTLS_CertificateChainFile /etc/radiator/certs/ssl-combined
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile /etc/radiator/certs/server.key
        EAPTLS_MaxFragmentSize 1000
        AutoMPPEKeys
    </AuthBy>
</Handler>

-----Original Message-----
From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of James
Sent: Friday, 18 February 2011 6:21 AM
To: radiator@open.com.au
Subject: Re: [RADIATOR] eap peap + ntlm_auth

Bump...and help would be greatly appreciated. :)

-james

On Wed, Feb 16, 2011 at 22:56, James <j...@nc.rr.com> wrote:
> I'm attempting to get EAP MSCHAPv2 (EAP PEAP) to work with wireless so
> that our Cisco Wireless LAN Controllers can bounce user authentication
> off of Radiator.
>
> My understanding is that I should be using the
> goodies/ntlm_eap_peap.cfg configuration file to start building off of.
>
> This file indicates that there are a few moving parts that need to be
> put in place for this to work properly:
>
> (a) smb.conf file must be fleshed out
> (b) ntlm_auth must function for EAP PEAP to work
>
> Correct?
>
> I'm currently stuck at ntlm_auth not functioning at all. Take this
> output as an example:
>
> # ntlm_auth --username=testuser --domain=<domain> --password='blah'
> could not obtain winbind separator!
> Reading winbind reply failed! (0x01)
> : (0x0)
>
> A quick tcpdump shows that this command DOES NOT in any way generate
> any network traffic. Doh.
>
> I guess part of my confusion is whether or not I must "net join" my
> system to the domain. Is that a requirement?
>
> My smb.conf file looks as follows:
>
> [global]
> # Replace 'OPEN' with the name of your Windows domain:
> workgroup = MYDOMAIN
> security = domain
> password server = *
>
> This is pretty much a one-line change from the smb.conf file found in
> the goodies directory.
>
> Any ideas on why this is failing?
>
> -james

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
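
The error in the quoted message ("could not obtain winbind separator!" with nothing on the wire) and the reply's advice to join the domain first suggest a fixed order of checks before Radiator is involved at all. The script below is an added example, not part of the thread or of Radiator's goodies directory; it assumes Samba's wbinfo and ntlm_auth are on PATH, and the function names, verdict strings and the NTLM_TEST_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example: ordered preflight for the ntlm_auth helper used by <AuthBy NTLM>.
# Assumes Samba's wbinfo and ntlm_auth are on PATH. Function names, verdict
# strings and NTLM_TEST_PASS are hypothetical. Run it as the account Radiator
# runs under, so socket permissions match what the server will see.

# Map ntlm_auth output to a likely cause.
classify_ntlm_auth() {
    case "$1" in
        *"could not obtain winbind separator"*|*"Reading winbind reply failed"*)
            # ntlm_auth talks to winbindd over a local socket, so this failure
            # produces no network traffic at all.
            echo "winbindd-unreachable" ;;
        *NT_STATUS_OK*)
            echo "ok" ;;
        *NT_STATUS_WRONG_PASSWORD*|*NT_STATUS_LOGON_FAILURE*|*NT_STATUS_NO_SUCH_USER*)
            echo "bad-credentials" ;;
        *)
            echo "unknown" ;;
    esac
}

# Usage: preflight USER DOMAIN PASSWORD
# Prints one verdict; returns 0 only if every stage passes.
preflight() {
    # Stage 1: is winbindd answering locally?
    if ! wbinfo -p >/dev/null 2>&1; then
        echo "winbindd-unreachable"; return 1
    fi
    # Stage 2: is the machine account trust valid (the host is joined)?
    if ! wbinfo -t >/dev/null 2>&1; then
        echo "not-joined-or-trust-broken"; return 2
    fi
    # Stage 3: the same plaintext test as in the thread. The password is
    # visible in the process list while this runs, so use a throwaway account.
    out=$(ntlm_auth --username="$1" --domain="$2" --password="$3" 2>&1) || true
    verdict=$(classify_ntlm_auth "$out")
    echo "$verdict"
    [ "$verdict" = "ok" ] || return 3
}

# Real run: NTLM_TEST_PASS=... sh preflight.sh --run testuser MYDOMAIN
if [ "${1:-}" = "--run" ]; then
    preflight "$2" "$3" "${NTLM_TEST_PASS:-}"
fi
```

A stage 1 or stage 2 failure is a Samba problem to fix before touching the Radiator handlers; only a stage 3 result says anything about the credentials themselves.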