Problems with wifi authentication: [mschap] No Cleartext-Password configured...

tnt at kalik.net
Thu Dec 4 19:58:11 CET 2008


>I'm having problems with my first RADIUS authentication server for
>wireless clients. I've made some progress, but now I have problems
>that I don't know how to solve.
>
>I want to use the NIS user database.
>

That's your problem right there.

>FreeRADIUS version: 2.1.1, compiled from source on Mandriva 2008.1
>(yes, I don't like Mandriva, but I have to use it)
>
>With radtest, I can already authenticate users located in
>/etc/raddb/users/, /etc/passwd and NIS:
>
>Example:
>leonardolocal at lcc56:~$ radtest leonardo lalala 172.16.0.2 0 xpto
>Sending Access-Request of id 65 to 172.16.0.2 port 1812
>User-Name = "leonardo"
>User-Password = "radius1234"
>NAS-IP-Address = 127.0.1.1
>NAS-Port = 0
>rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=65, length=20
>leonardolocal at lcc56:~$ radtest usuario1 lalala 172.16.0.2 0 xpto
>Sending Access-Request of id 57 to 172.16.0.2 port 1812
>User-Name = "usuario1"
>User-Password = "senha1"
>NAS-IP-Address = 127.0.1.1
>NAS-Port = 0
>rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=57, length=20
>leonardolocal at lcc56:~$ radtest localradius lalala 172.16.0.2 0 xpto
>Sending Access-Request of id 135 to 172.16.0.2 port 1812
>User-Name = "localradius"
>User-Password = "radius1234"
>NAS-IP-Address = 127.0.1.1
>NAS-Port = 0
>rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=212, length=20
>

Crypted passwords and pap work fine.

>Up to here, everything was OK; the problems begin when I try to
>authenticate through the wireless access point:
>
>PEAP doesn't work. TTLS/MSCHAPv2 works, but only for users
>located in the /etc/raddb/users file, and not for NIS or passwd
>users.
>
>The error that happens when I try to connect with TTLS/MSCHAPv2 with a
>user not listed in the /etc/raddb/users file:
>
>Found Auth-Type = MSCHAP
>+- entering group MS-CHAP {...}
>[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
>[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
>[mschap] Told to do MS-CHAPv2 for leonardo with NT-Password
>[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
>[mschap] FAILED: MS-CHAP2-Response is incorrect
>++[mschap] returns reject
>Failed to authenticate the user.
>

But not with mschap:

http://deployingradius.com/documents/protocols/compatibility.html

You can't use passwords from /etc/passwd for mschap. You will find in
that thread that he had NT hashed passwords to use.

Ivan Kalik
Kalik Informatika ISP



