LDAP PEAPv0/MSCHAPv2 Authentication

Alan DeKok aland at deployingradius.com
Tue Aug 4 10:23:18 CEST 2009


Nicholas Cappelletti wrote:
> After a little trial and error, and not changing anything on the wireless client side, I got FreeRADIUS to use mschap, but I'm now getting this error:
> 
> [mschap] No MS-CHAP-Challenge in the request
> ++[mschap] returns reject
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} -> nick
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> 
> 
> I didn't have anything in the LDAP database for the user, but once I added radiusAuthType mschap, I am not being rejected, which is better then nothing I guess.

  DON'T DO THAT.

  Setting Auth-Type manually will break the server.  (Almost always).

> Again, when I'm using the users file, I have no isssue authenticating.  Is there something more I have to add to the users to allow this to work.  Again, thank for the help and/or guidance. 

  Ensure that LDAP returns a clear-text password to FreeRADIUS.  All of
the authentication methods will work.

  Alan DeKok.



More information about the Freeradius-Users mailing list