Khapare Joshi khapare77 at
Mon Apr 30 00:28:44 CEST 2012

Hi Alan,

thanks for your quick reply. I have re-look the configs and readme, and
figure it out the issue why connection was not established. It was the pptp
config file misconfiguration. I got the successfull connection. Then i
tested with ldap authentication - configured /etc/modules/ldap section
according to my ldap stuff and in sites-enabled/default enabled the ldap
After that, restarted pptpd and re-run radiusd -X mode.

itested with ldap account in localhost commandline as :

localhost#radtest radiustest thepassword localhost 1812 testing123
Sending Access-Request of id 211 to port 1812
User-Name = "radiustest"
User-Password = "thepassword"
NAS-IP-Address =
NAS-Port = 1812
rad_recv: Access-Accept packet from host port 1812, id=211,

So this looks good, then I tried from windows machine and i get
authentication failed.

WARNING: No "known good" password was found in LDAP.  Are you sure that the
user is configured correctly?
[ldap] user nemandi authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: radiustest
[mschap] Told to do MS-CHAPv2 for radiustest with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject

As per log it mschap need cleartext password, and ldap does not store
password in clear text. I do not want to integrate to windows server or
samba stuff if possible. How can I achieve ldap authentication without
installing samba and adding radius server into active directory ?


On Sat, Apr 28, 2012 at 5:26 PM, Alan DeKok <aland at>wrote:

> Khapare Joshi wrote:
> > i think radius and pptp are talking together now, but when i connect to
> > vpn server from windows machine it looks authentication is working -
> > however it doesnt get connected "it says registering your comptuer on
> > the network" and returns back.
> >
> > What I am missing here.
>   The RADIUS server is returning Access-Accept.  This means that it
> thinks the user is OK.
> > Apr 27 16:40:33 ioj-d00 pppd[2869]: LCP terminated by peer
> > (^@M-h^NM-^Z^@<M-Mt^@^@^@^@)
>   PPPD thinks that the PC is closing the connection.
> > what i am missing !!
>   Not much.  Find out why the PC is closing the connection.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list