Hans, Thanks for the help. Gonna try this and find some help in this way.
Cheers On Tue, Jan 19, 2010 at 11:13 AM, Hans Maes <[email protected]> wrote: > Fabio, > > I remember having the same problem when I configured my captive portal + > pptp + freeradius + mysql backend. > I'm no expert at this, but I may be able to give you a start in the right > direction. > > The thing is captive portal radius check uses another authentication type > than the pptp radius check. > > IMHO, the pptp authentication uses the MS-CHAP type which requires a > plaintext password in the database. > At least, switching from an encrypted entry to a plaintext Password entry > fixed it for me. > Without the password in plaintext in my db, I could not get PPTP radius > auth working. > > > Fabio Rampazzo Mathias wrote: > >> WARNING: No "known good" password was found in LDAP. Are you sure that >> the user is configured correctly? >> [ldap] user fmathias authorized to use remote access >> > This would support my theory. > freeradius can find the fmathias user and says the user itself is allowed > to connect, but only if further password checks succeed. > > > Found Auth-Type = MSCHAP >> +- entering group MS-CHAP {...} >> [mschap] No Cleartext-Password configured. Cannot create LM-Password. >> [mschap] No Cleartext-Password configured. Cannot create NT-Password. >> [mschap] Told to do MS-CHAPv2 for fmathias with NT-Password >> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. >> [mschap] FAILED: MS-CHAP2-Response is incorrect >> ++[mschap] returns reject >> Failed to authenticate the user. >> Using Post-Auth-Type Reject >> > It then tries to check the MS-CHAP authentication, but can't find a usable > password to generate the NT-Password field. > > I solved this by putting the cleartext-password in the db, so the > NT-Password could be generated by freeradius. > The better approach might be to find out what this NT-Password is and just > add that field. > > H. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > >
