[ldap] looking for check items in directory...
   [ldap] userPassword ->  Password-With-Header == "{crypt}$1$94hl3NgJ$AuuZleae5i2GkzrT9XIye0"

"crypt" passwords cannot be used to do MS-CHAP. It is impossible.

MS-CHAP requires either the cleartext password or NT/LM hashes.

See:

http://deployingradius.com/documents/protocols/compatibility.html

  [ldap] looking for reply items in directory...
[ldap] user mahendra authorized to use remote access
   [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/default
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: mahendra
[mschap] Told to do MS-CHAPv2 for mahendra with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.

...because you only have crypt passwords, it fails.

You MUST store plaintext or NT/LM hashes if you want to do PEAP/MSCHAP.
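
Added example, not part of the original message or of FreeRADIUS: a small audit that classifies `userPassword` values by their `{header}` and lists the users who cannot authenticate with MS-CHAP, as a check to run before enabling PEAP/MSCHAPv2. The header subset, the form names, and the treatment of a header-less value as cleartext are assumptions of this sketch; LM hashes are left out.

```python
import re

# Stored-password forms each method can verify against. PAP hands the server
# the cleartext, so it can be re-hashed into any stored form; CHAP and MS-CHAP
# send only a challenge response, so the server needs the specific secret.
USABLE = {
    "PAP": {"cleartext", "nt-hash", "crypt", "md5", "smd5", "sha1", "ssha1"},
    "CHAP": {"cleartext"},
    "MS-CHAP": {"cleartext", "nt-hash"},
}

# {header} prefixes mapped to a form (subset chosen for this example).
HEADERS = {
    "clear": "cleartext", "cleartext": "cleartext",
    "nt": "nt-hash", "nthash": "nt-hash",
    "crypt": "crypt", "md5": "md5", "smd5": "smd5",
    "sha": "sha1", "ssha": "ssha1",
}
HEADER_RE = re.compile(r"^\{([^}]+)\}")

def classify(value):
    """Return the storage form of a Password-With-Header value."""
    m = HEADER_RE.match(value)
    if m is None:
        return "cleartext"  # assumption: a value with no header is cleartext
    return HEADERS.get(m.group(1).lower(), "unknown")

def methods_for(value):
    """Methods that can authenticate against this stored value."""
    form = classify(value)
    return sorted(name for name, forms in USABLE.items() if form in forms)

def audit(entries, method="MS-CHAP"):
    """List (user, form) pairs whose stored password cannot serve `method`."""
    return [(u, classify(v)) for u, v in entries if method not in methods_for(v)]

# mahendra's value is from the debug output above; the rest are constructed.
SAMPLE = [
    ("mahendra", "{crypt}$1$94hl3NgJ$AuuZleae5i2GkzrT9XIye0"),
    ("alice", "{nt}8846F7EAEE8FB117AD06BDD830B7586C"),
    ("bob", "example-cleartext"),
    ("carol", "{ssha}Q29uc3RydWN0ZWRWYWx1ZQ=="),
]

if __name__ == "__main__":
    for user, form in audit(SAMPLE):
        print(f"{user}: stored as {form}, cannot do MS-CHAP")
```

An unrecognised header is classified as `unknown` and reported as unusable for every method, so new schemes fail closed in the audit rather than being assumed compatible.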