[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for sminhas with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject

Needs NT/LM passwords (or plain-text) for mschap to work. See Perl's Crypt::SmbHash on CPAN for an easy way to generate the hash from plaintext. Look at the samba schema for OpenLDAP, and you probably want to compile the smbk5pwd module for OpenLDAP as well (in the contrib section of the source) to keep your pwds sync'd (also check pam/nssldap conf for passwd changes using LDAP-exop if you let shell accounts change pwds too).

-T

-----------------------------

Message: 7
Date: Fri, 05 Jun 2009 14:47:36 -0400
From: Nik Alleyne <nalle...@brontecollege.ca>
Subject: FreeRadius 2.1 + LDAP Authentication
To: freeradius-users@lists.freeradius.org
Message-ID: <20090605144736.cpa0ghg1wk4ok...@mail.brontecollege.ca>
Content-Type: text/plain; charset=ISO-8859-1

Hi Guys,

I'm hoping someone can help me, because I have been fighting with this issue for days now.

Environment: FC10 + FreeRadius 2.1 + OpenLdap 2.4.

I've successfully set up Certificate Based authentication on my FreeRadius server and that works well. My problem is I have some users I want to authenticate via username and password (EAP-PEAP). I configured FreeRadius for such and my radtest (Access-Accept) works as well as my NTRadPing Utility (Access-Accept) when checked against the users in LDAP. However, I cannot seem to get my Windows XP Wireless Clients to authenticate. Please see my debug info below for a sample user "sminhas" who has a cleartext LDAP password as "it".

Thanks for the help.

---------------- radiusd -X ---------------------
..snip

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html