[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for sminhas with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Needs NT/LM passwords (or plain-text) for mschap to work. See perl's
Crypt::SmbHash on CPAN for an easy way to generate the hash from plaintext.
Look at the samba schema for openLdap, and probably want to compile the
smbk5pwd module for openLDAP as well (in the contrib section of the source) to
keep your pwds sync'd (also check pam/nssldap conf for passwd changes using
LDAP-exop if you let shell accounts change pwds too).
-T
-----------------------------
Message: 7
Date: Fri, 05 Jun 2009 14:47:36 -0400
From: Nik Alleyne <[email protected]>
Subject: FreeRadius 2.1 + LDAP Authentication
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
Hi Guys,
I'm hoping someone can help me, because I have been fighting with this issue for
days now.
Environment:
FC10 + FreeRadius 2.1 + OpenLdap 2.4.
I've successfully setup Certificate Based authentication on my FreeRadius server
and that works well. My problem is I have some users I want to authenticate via
username and password (EAP-PEAP).
I configured FreeRadius for such and my radtest (Access-Accept) works as well as
my NTRadPing Utility (Access-Accept) when checked against the users in LDAP.
However, I cannot seem to get my Windows XP Wireless Clients to authenticate.
Please see my debug info below for a sample user "sminhas" who has a cleartext
LDAP password as "it". Thanks for the help.
---------------- radiusd -X ---------------------..snip
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
