[EMAIL PROTECTED] wrote: > rlm_mschap: Told to do MS-CHAPv2 for johnk with NT-Password > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
That's pretty definitive. > My thoughts are that SQL and MSCHAP should be in the authorization section, > and MSCHAP and EAP should be in authentication. "eap" should be in the "authorize" section, too. That's the way the server comnes configured. > I am storing NTLM passwords in my SQL server. ... > | 1490 | johnk | User-Password | == | > 0393A990E3426721695109AB020K4E1C:FBFR81520C5BDDENOTREALPASSWORD33 | No, you're not. You're telling the server that the clear-text password is a hex string, which it's not. If you want to store the NT-hashed passwords in SQL, use the "NT-Password" attribute, and ensure that the value is 32 bytes of hex data. But before you do that, I would STRONGLY suggest storing a simple clear-text password in SQL, like "test". Verify that it works, and THEN start storing NT password. By trying to configure 3 things at the same time, you guarantee that you can't possible figure out which one of the three is failing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
