Thank you both. I will try this soon. :) I appreciate the quick and detailed responses!
-james

On Thu, Feb 17, 2011 at 16:21, Rianto Wahyudi <r.wahy...@latrobe.edu.au> wrote:
> Hi James,
>
> Make sure your computer is joined to the domain:
> I follow the following instructions:
> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
>
> You don't need nsswitch or pam modification. As long as you have
> successfully joined the domain you are OK.
> If you have a problem joining your machine to the domain, the best place
> to look for help is the Samba mailing list (http://lists.samba.org)
>
> In regards to Radiator, here is my simplified client + handler config.
> I hope it helps.
>
> Regards,
> Rianto
>
> <Client 10.0.0.1>
>     Identifier Eduroam-Server
>     Secret xxxxx
> </Client>
>
> <Handler Client-Identifier=Eduroam-Server, TunnelledByTTLS=1,Realm=/(latrobe|ltu).*/i>
>     RewriteUsername s/^\@.*//
>     # Auth against AD with ntlm_auth
>     <AuthBy NTLM>
>         EAPType MSCHAP-V2
>         Domain LTU
>         UsernameMatchesWithoutRealm
>     </AuthBy>
> </Handler>
>
> #OUTER - CERTIFICATES
> <Handler Client-Identifier=Eduroam-Server>
>     <AuthBy FILE>
>         Filename %D/users
>         EAPType PEAP,TTLS,TLS,LEAP
>         EAPAnonymous %{User-Name}
>         EAPTLS_CAPath /etc/radiator/certs/ca
>         EAPTLS_CertificateChainFile /etc/radiator/certs/ssl-combined
>         EAPTLS_CertificateType PEM
>         EAPTLS_PrivateKeyFile /etc/radiator/certs/server.key
>         EAPTLS_MaxFragmentSize 1000
>         AutoMPPEKeys
>     </AuthBy>
> </Handler>
>
> -----Original Message-----
> From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of James
> Sent: Friday, 18 February 2011 6:21 AM
> To: radiator@open.com.au
> Subject: Re: [RADIATOR] eap peap + ntlm_auth
>
> Bump...and help would be greatly appreciated. :)
>
> -james
>
> On Wed, Feb 16, 2011 at 22:56, James <j...@nc.rr.com> wrote:
>> I'm attempting to get EAP MSCHAPv2 (EAP PEAP) to work with wireless so
>> that our Cisco Wireless LAN Controllers can bounce user authentication
>> off of Radiator.
>>
>> My understanding is that I should be using the
>> goodies/ntlm_eap_peap.cfg configuration file to start building off of.
>>
>> This file indicates that there are a few moving parts that need to be
>> put in place for this to work properly:
>>
>> (a) smb.conf file must be fleshed out
>> (b) ntlm_auth must function for EAP PEAP to work
>>
>> Correct?
>>
>> I'm currently stuck at ntlm_auth not functioning at all. Take this
>> output as an example:
>>
>> # ntlm_auth --username=testuser --domain=<domain> --password='blah'
>> could not obtain winbind separator!
>> Reading winbind reply failed! (0x01)
>> : (0x0)
>>
>> A quick tcpdump shows that this command DOES NOT in any way generate
>> any network traffic. Doh.
>>
>> I guess part of my confusion is whether or not I must "net join" my
>> system to the domain. Is that a requirement?
>>
>> My smb.conf file looks as follows:
>>
>> [global]
>>     # Replace 'OPEN' with the name of your Windows domain:
>>     workgroup = MYDOMAIN
>>     security = domain
>>     password server = *
>>
>> This is pretty much a one-line change from the smb.conf file found in
>> the goodies directory.
>>
>> Any ideas on why this is failing?
>>
>> -james
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
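
An added example, not part of the original thread and not Radiator or Samba code: a POSIX shell preflight for the setup discussed above. It maps ntlm_auth output, including the error quoted in the thread, to a likely cause, then uses `wbinfo -p` and `wbinfo -t` to check that winbindd answers and that the domain join is valid. The function names, result labels and the `WBINFO` override are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): preflight checks before pointing
# Radiator's <AuthBy NTLM> at ntlm_auth. Function names, result labels and
# the WBINFO override are assumptions of this example.

WBINFO="${WBINFO:-wbinfo}"   # override to exercise the logic without Samba

# Error text quoted in the thread, reused here as sample input.
SAMPLE_FROM_THREAD='could not obtain winbind separator!
Reading winbind reply failed! (0x01)
: (0x0)'

# Map ntlm_auth output to a likely cause.
classify_ntlm_auth_output() {
    case "$1" in
        *"could not obtain winbind separator"*|*"Reading winbind reply failed"*)
            # ntlm_auth never reached the local winbindd, which is
            # consistent with tcpdump showing no network traffic.
            echo "winbindd-unreachable" ;;
        *NT_STATUS_OK*)
            echo "ok" ;;
        *NT_STATUS_WRONG_PASSWORD*|*NT_STATUS_LOGON_FAILURE*|*NT_STATUS_NO_SUCH_USER*)
            echo "bad-credentials" ;;
        *)
            echo "unknown" ;;
    esac
}

# Check local prerequisites in dependency order; print the first failure.
preflight() {
    command -v "$WBINFO" >/dev/null 2>&1 || { echo "wbinfo-missing"; return 0; }
    # wbinfo -p pings winbindd over its local socket.
    "$WBINFO" -p >/dev/null 2>&1 || { echo "winbindd-not-running"; return 0; }
    # wbinfo -t verifies the machine trust account created by the domain join.
    "$WBINFO" -t >/dev/null 2>&1 || { echo "not-joined-or-trust-broken"; return 0; }
    echo "ready"
}

# Run the checks only when invoked as: sh preflight.sh check
if [ "${1:-}" = "check" ]; then
    echo "sample error -> $(classify_ntlm_auth_output "$SAMPLE_FROM_THREAD")"
    echo "preflight    -> $(preflight)"
fi
```

A result of `ready` means only that the local winbind prerequisites are in place; an `ntlm_auth` test with a real account is still needed before relying on the Radiator handler.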