Fabio,
I remember having the same problem when I configured my captive portal +
pptp + freeradius + mysql backend.
I'm no expert at this, but I may be able to give you a start in the
right direction.
The thing is captive portal radius check uses another authentication
type than the pptp radius check.
IMHO, the pptp authentication uses the MS-CHAP type which requires a
plaintext password in the database.
At least, switching from an encrypted entry to a plaintext Password
entry fixed it for me.
Without the password in plaintext in my db, I could not get PPTP radius
auth working.
Fabio Rampazzo Mathias wrote:
WARNING: No "known good" password was found in LDAP. Are you sure
that the user is configured correctly?
[ldap] user fmathias authorized to use remote access
This would support my theory.
freeradius can find the fmathias user and says the user itself is
allowed to connect, but only if further password checks succeed.
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for fmathias with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
It then tries to check the MS-CHAP authentication, but can't find a
usable password to generate the NT-Password field.
I solved this by putting the cleartext-password in the db, so the
NT-Password could be generated by freeradius.
The better approach might be to find out what this NT-Password is and
just add that field.
H.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
