Radius: Login with windows credentials (Windows 10)

windows
radius

#1

Hi,

i try to connect from a Windows 10 Laptop to my Wifi, which uses the ucs radius for authentication. When i enter the username and password manually, everything works. When i use the flag for using the windows login credentials, then the authentication fails. I have found several entries which describe that the realm module needs to be checked, but my one seems to be fine:

realm IPASS {
        format = prefix
        delimiter = "/"
}

#  'username@realm'
#
realm suffix {
        format = suffix
        delimiter = "@"
}

#  'username%realm'
#
realm realmpercent {
        format = suffix
        delimiter = "%"
}

#
#  'domain\user'
#
realm ntdomain {
        format = prefix
        delimiter = "\\"
}

The error message, which i see in the log is the following:

Tue Nov 28 20:57:44 2017 : Auth: Login incorrect (mschap: External script says Logon failure (0xc000006d)): [INTRANET\\Administrator/<via Auth-Type = EAP>] (from client utm2 port 0 via TLS tunnel)
Tue Nov 28 20:57:44 2017 : Auth: Login incorrect: [INTRANET\\Administrator/<via Auth-Type = EAP>] (from client utm2 port 2 cli 60-67-20-DE-B0-3C)

What looks strange for me, is that there is a suffix <via Auth-Type = EAP>. Potentially this is causing the problem. But how could that be removed by a rule?

Thank you very much for your help!

Kind Regards,

Tobias Lorentz


#2

Has no one an idea?

Kind Regards

Tobias Lorentz


#3

Hi,

just found that there was a bug reported about this:
https://forge.univention.org/bugzilla/show_bug.cgi?id=42535

Unfortunately not yet solved.

Kind Regards,

Tobias Lorentz


#4

See the bug entry, maybe it helps:
https://forge.univention.org/bugzilla/show_bug.cgi?id=42535#c4