Authentication with mschap

[Alan DeKok]

Eric Bourkland wrote:
> No Cleartext-Password configured.  Cannot create LM-Password
> No Cleartext-Password configured.  Cannot create NT-Password
> Told to do MS-CHAPv2 for test.user with NT-Password
> FAILED: No NT/LM-Password. Cannot perform authentication.
> FAILED: MS-CHAP2-Response is incorrect.

  Which is what you posted before.  This doesn't help.

> what it looks like to me is that Radius isn't getting the Cleartext-Password from the laptop client, I don't know if this the case or not.  the laptop client is Window's XP pro build and some Vista, and whatever else a guest may bring in.  I assumed that it would pass the password in the Cleartext-Password attribute when using the MS-CHAPv2, I need to confrim this.  I can get it to work if I install SecureW2 but I've been told that asking everyone to install it on the laptops isn't an option.
> This protocol is relatively new to me at least how all the various pieces of software handle it.
> I know I'm close I just need help being pointed in the right direction on where the disconnect is occuring.  right now I am pretty certain it is not between Radius and my openLDAP.

  The issue is that the NT password is NOT being read from LDAP, and is
NOT being given to FreeRADIUS.

  Read the REST of the debug output to see why.  Or failing that, post
the debug output here, as suggested in the FAQ, README, INSTALL, "man"
page, and nearly daily on this list.

  Posting the last 2-3 lines of "authentication failed" is nearly useless.

  Alan DeKok.