MS-CHAP2-Response is incorrect + invalid NT-Password

omega bk omegabk at
Mon Mar 15 09:52:40 CET 2010


i'm still stuck and don't know how to make it work

i added in ldap.attrmap:
checkItem       Cleartext-Password              userPassword
checkItem       NT-password                        userPassword

but i stil have:

[ldap]     expand: %{User-Name} -> bernard
[ldap]     expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=bernard)
[ldap]     expand: dc=example,dc=com -> dc=example,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=example,dc=com, with filter (cn=bernard)
[ldap] Added User-Password = test  in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] userPassword -> NT-Password == 0x7465737420
  [ldap] userPassword -> Cleartext-Password == "test "
[ldap] looking for reply items in directory...
[ldap] user bernard authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
*[mschap] Invalid NT-Password
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect*
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject

I don't understand why i still got an invalid NT-Password.

thanks for your help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list