Radius Server - EAP Failure when trying to submit user credentials to IAS on W2k3 over TLS through PEA

This is Interesting: Free IT Magazines  
Home > Archive > Radius Server > December 2006 > EAP Failure when trying to submit user credentials to IAS on W2k3 over TLS through PEA





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author EAP Failure when trying to submit user credentials to IAS on W2k3 over TLS through PEA
Novice

2006-12-18, 7:22 am

Hi,

We are trying out an implementation of PEAP-MSCHAP v2 (password) with
the TLS implementation of OpenSSL 0.9.7a.The client runs on a Linux box
and the IAS server runs on a W2K3 SP1 machine.

We are able to successfully establish the TLS session and proceed with
phase 2 of PEAP by sending a blank PEAP message,to which the server
responds with a PEAP Identity challenge request,the client responds
with a PEAP identity response ,the server returns with a PEAP Identity
response challenge for which the client responds with a PEAP EAP
Identity challenge response.The server returns a EAP failure with the
MSCHAPv2 error string E=691,R=1...........

We are passing a valid user name(we tried with and without domain name)
and a valid MD4 hash of the password,complying the MSCHAPv2 RFC.

Is there any way to diagnose the cause of the authentication failure in
the server(bad username or bad hash of the password,permission issues
etc.)?

The IAS logs dont say anything more than just "Authenticate user".

We have set the "Allow LM authentication" flag in the registry to zero
(0).

The Linux machine is not part of the domain to which the W2K3 machine
is the PDC.

Can anybody throw some light on something what we might be missing?

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com