[RADIATOR] 802.1x PEAP-MSCHAPv2 - NTLM+(Radius/NTLM)

2014-07-23 Thread Christopher Chance
Let me just say I got 802.1x working with PEAP/MSCHAPv2 -> NTLM authentication. The issue is we have 2 domains on our network and want to be able to have the single 802.1x authentication, sorted by domain authenticate and return the correct vlan for the user... I couldn't figure a way out to

Re: [RADIATOR] 802.1x PEAP-MSCHAPv2 - NTLM+(Radius/NTLM)

2014-07-23 Thread Hugh Irvine
Hello Chris - Could you please explain in detail what exactly you are trying to accomplish? It sounds like you are authenticating against Active Directory but you are running Radiator on Linux? Can you tell us how you differentiate between the 2 domains? We can make better suggestions if we c

Re: [RADIATOR] 802.1x PEAP-MSCHAPv2 - NTLM+(Radius/NTLM)

2014-07-23 Thread Christopher Chance
2 domains are on 2 separate vlans... for authentication I'm filtering it by the handler Domain1\myuser Domain2\myuser if domain1 then process it via NTLM locally, if the second domain forward to secondary radius that has an interface on domain2 and is part of domain2's domain. This is being don

Re: [RADIATOR] 802.1x PEAP-MSCHAPv2 - NTLM+(Radius/NTLM)

2014-07-23 Thread Hugh Irvine
Hello Chris - OK - this is what I had imagined. What I would suggest is running Microsoft NPS on each domain, then just proxy the inner requests to the corresponding NPS. In this case the inner requests are just straight MSCHAP-V2. Something like this: Foreground LogStdout LogDir /etc/radia

Re: [RADIATOR] 802.1x PEAP-MSCHAPv2 - NTLM+(Radius/NTLM)

2014-07-23 Thread Christopher Chance
How does this differ from what I'm already doing? The primary domain's working; the secondary domain is getting a response from the other radius after the second radius polls NTLM... it responds with an access accept but for some reason the main server gets the accept but then the eap challenge