"mic failure"
towards the end of the negotiation.
We are running version 4.7 of radiator on a linux machine.
Any ideas appreciated :)
Thanks-
Joy Veronneau
Identity Management
Cornell University
___
radiator mailing list
radiator@o
Hi, thank you all for your suggestions. It turned out to be pretty simple - I
had to add this line to the radius config file:
EAPTLS_PEAPVersion 0
*and*
correct the configuration on my mac.
-- Joy
From: Joy Veronneau mailto:j...@cornell.edu>>
Date: Tue, 9 Aug 2011 16:31:08 -0400
S
Hi,
I am stumped! I have implemented samba and MSCHAPv2 and everything works when
running as user root. (Winbindd and radiator running as root.) But I need to
run the radiator process as user "radiator". I also had to install samba in an
alternate directory.
So – when running radiator and winbi
Hi,
The solution that is working for me is to run winbindd as root - then with
proper file permissions, radiator can run as user "radiator" and the ntlm
authentication works.
Thanks so much for the help!!
Joy
On 11/2/11 9:19 AM, "David Zych" wrote:
>Joy Veronnea
Hi,
Is it possible for the radiator server to do machine-based authentication (via
certificate) to an Active Directory domain? I have MSCHAPv2 working to our AD
domain with username/password, but now someone is asking about machine-based
authentication. They are currently doing this with an MS r
33004
Code: Access-Reject
Identifier: 219
Authentic: <138>5<9><254><236><131>3<184>xLU?N4<139><225>
Attributes:
Reply-Message = "Request Denied"
Thanks again,
Joy
On 11/10/11 5:21 PM, "Heikki Vatiainen"
mail
.
I tried using but that really broke everything... I do have NTLM
working for username/pw based authn but I need to do that AND machine based…
I'd appreciate a hint. Thanks-
Joy
On 11/10/11 5:21 PM, "Heikki Vatiainen"
mailto:h...@open.com.au>> wrote:
On 11/09/2011 09
Hi,
I am still working on my machine based authentication config.
Config1 (below) works fine but requires that the names of the machines be
listed in the file tls_anon.
I need to modify this config so that I do not need to maintain a list of
host names on the radiator server and so that I can ex
But if I do that, I will still have to have the names of the machines in
the tls_anon file, wouldn't I?
Thanks,
Joy
On 12/8/11 5:07 PM, "Heikki Vatiainen" wrote:
>On 12/07/2011 11:42 PM, Joy Veronneau wrote:
>
>Hello Joy,
>
>> I am still working on my ma
>On 12/09/2011 12:15 AM, Joy Veronneau wrote:
>
>> But if I do that, I will still have to have the names of the machines in
>> the tls_anon file, wouldn't I?
>
>Good point, I overlooked that part. Please see ref.pdf section "5.20.46
>EAPTLS_NoCheckId". You ca
Ok, that's what I was looking for! putting DEFAULT in the file yields the
desired behavior.
Thanks!
Joy
On 12/8/11 5:47 PM, "Heikki Vatiainen" wrote:
>On 12/09/2011 12:31 AM, Joy Veronneau wrote:
>> Hmm, but EAPTLS_NoCheckId also doesn't check that the cert name
11 matches
Mail list logo
