Work with clear password , but not with MD5 ( but both work with radtest)

webmaster at techshop-lille.fr webmaster at techshop-lille.fr
Thu Oct 14 10:14:34 CEST 2021


Hello !

I'm using Freeradius 2.1.12 with mysql Backend and a Ubiquity/Unify network for authenticating my wireless users

Actually it work fine with users in Sql DB with User-Password := value

Off course i wanted to change it for a MD5 version

So i changed User-Password with MD5-Password

Radtest is working fine , with both users using the MD5 and Clear Text password , replying me with auth and VLAN ID

but when i try to authenticate with real world Wireless users , only the users with clear text password are working

the test users with MD5 password only work with radtest
I've parsed the log , and here is what seem to be different from real world vs radtest :
--------------------
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: stephaneb
[mschap] Told to do MS-CHAPv2 for stephaneb with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.

-----------------------------
Can you help me ?

thanks a lot !


More information about the Freeradius-Users mailing list