Connect problem

Henrik Kressner kressner at synkro.dk
Fri Jul 1 14:08:44 CEST 2016


On 01-07-2016 13:57, Alan DeKok wrote:
> On Jul 1, 2016, at 5:02 AM, Henrik Kressner <kressner at synkro.dk> wrote:
>> I get this response:
>> ....
>> (133) eap: Peer sent packet with method EAP MSCHAPv2 (26)
>> (133) eap: Calling submodule eap_mschapv2 to process data
>> (133) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
>> (133) eap_mschapv2:   Auth-Type MS-CHAP {
>> (133) mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
>> (133) mschap: WARNING: No Cleartext-Password configured.  Cannot create LM-Password
>> (133) mschap: Creating challenge hash with username: bob
>> (133) mschap: Client is using MS-CHAPv2
>> (133) mschap: ERROR: FAILED: No NT/LM-Password.  Cannot perform authentication
>> (133) mschap: ERROR: MS-CHAP2-Response is incorrect
>> (133)     [mschap] = reject
>> (133)   } # Auth-Type MS-CHAP = reject
>> (133) eap: Sending EAP Failure (code 4) ID 24 length 4
>> (133) eap: Freeing handler
>> ....
>>
>>
>> What does it mean?
>    It means that  the server can't authenticate the user, because it has no idea what the *good* password is for the user.
>
>    As the message says, set Cleartext-Password.  It will then work.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

I believe I did just that in the file: /usr/local/etc/raddb/users


# The canonical testing user which is in most of the
# examples.
#
bob     Cleartext-Password := "hello"
         Reply-Message := "Hello, %{User-Name}"
#


And it works both on the server and on the NAS with radtest ?


-- 

-------------------------------------------
Med venlig hilsen / Yours Sincerly
Henrik Kressner
kressner at synkro.dk
Ingeniørfirmaet Synkro / Synkro Engineering
Vædevej 64
5462 Morud
http://www.synkro.dk
Direkte 40 37 40 87



More information about the Freeradius-Users mailing list