ping? On Thu, Feb 4, 2010 at 5:21 PM, Fabio Rampazzo Mathias <[email protected]>wrote:
> Hi again, > > I've configured FreeRADIUS to work with NTLM_AUTH. Now my freeradius logs > are ok and is autheticating without clear password (I'm gonna generate some > howto to post here). But I still can't connect over PPTP. There's no problem > with FreeRadius but my OSX says: "Authentication failure". > > I guess the problem is in pfSense's PPTP package. How can I track errors ? > I've read the /var/log/vpn.log but it only gives me the successfully > connections i've made without using freeradius. > > Thanks in advance > > On Tue, Jan 19, 2010 at 11:20 AM, Fabio Rampazzo Mathias < > [email protected]> wrote: > >> Hans, >> >> Thanks for the help. >> Gonna try this and find some help in this way. >> >> Cheers >> >> On Tue, Jan 19, 2010 at 11:13 AM, Hans Maes <[email protected]> wrote: >> >>> Fabio, >>> >>> I remember having the same problem when I configured my captive portal + >>> pptp + freeradius + mysql backend. >>> I'm no expert at this, but I may be able to give you a start in the right >>> direction. >>> >>> The thing is captive portal radius check uses another authentication type >>> than the pptp radius check. >>> >>> IMHO, the pptp authentication uses the MS-CHAP type which requires a >>> plaintext password in the database. >>> At least, switching from an encrypted entry to a plaintext Password entry >>> fixed it for me. >>> Without the password in plaintext in my db, I could not get PPTP radius >>> auth working. >>> >>> >>> Fabio Rampazzo Mathias wrote: >>> >>>> WARNING: No "known good" password was found in LDAP. Are you sure that >>>> the user is configured correctly? >>>> [ldap] user fmathias authorized to use remote access >>>> >>> This would support my theory. >>> freeradius can find the fmathias user and says the user itself is allowed >>> to connect, but only if further password checks succeed. >>> >>> >>> Found Auth-Type = MSCHAP >>>> +- entering group MS-CHAP {...} >>>> [mschap] No Cleartext-Password configured. Cannot create LM-Password. >>>> [mschap] No Cleartext-Password configured. Cannot create NT-Password. >>>> [mschap] Told to do MS-CHAPv2 for fmathias with NT-Password >>>> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. >>>> [mschap] FAILED: MS-CHAP2-Response is incorrect >>>> ++[mschap] returns reject >>>> Failed to authenticate the user. >>>> Using Post-Auth-Type Reject >>>> >>> It then tries to check the MS-CHAP authentication, but can't find a >>> usable password to generate the NT-Password field. >>> >>> I solved this by putting the cleartext-password in the db, so the >>> NT-Password could be generated by freeradius. >>> The better approach might be to find out what this NT-Password is and >>> just add that field. >>> >>> H. >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> Commercial support available - https://portal.pfsense.org >>> >>> >> >
