EAP Failure when trying to submit user credentials to IAS on W2k3 over TLS through PEAP -MSCHAPv2
- From: "Novice" <selvaganeshv@xxxxxxxxx>
- Date: 18 Dec 2006 04:55:38 -0800
Hi,
We are trying out an implementation of PEAP-MSCHAP v2 (password) with
the TLS implementation of OpenSSL 0.9.7a.The client runs on a Linux box
and the IAS server runs on a W2K3 SP1 machine.
We are able to successfully establish the TLS session and proceed with
phase 2 of PEAP by sending a blank PEAP message,to which the server
responds with a PEAP Identity challenge request,the client responds
with a PEAP identity response ,the server returns with a PEAP Identity
response challenge for which the client responds with a PEAP EAP
Identity challenge response.The server returns a EAP failure with the
MSCHAPv2 error string E=691,R=1...........
We are passing a valid user name(we tried with and without domain name)
and a valid MD4 hash of the password,complying the MSCHAPv2 RFC.
Is there any way to diagnose the cause of the authentication failure in
the server(bad username or bad hash of the password,permission issues
etc.)?
The IAS logs dont say anything more than just "Authenticate user".
We have set the "Allow LM authentication" flag in the registry to zero
(0).
The Linux machine is not part of the domain to which the W2K3 machine
is the PDC.
Can anybody throw some light on something what we might be missing?
.
- Prev by Date: Re: Wireless IAS Authenication fails for new workstations: IAS_AUTH_Failure
- Next by Date: Can you add/remove policies in IAS programmatically
- Previous by thread: Wireless IAS Authenication fails for new workstations: IAS_AUTH_Failure
- Next by thread: Can you add/remove policies in IAS programmatically
- Index(es):
Relevant Pages
|
