I have a windows client trying to set up L2TP tunnel with my linux router. The linux router talks with the RADIUS server. The authentication is failing because the request is using MS-CHAP and my server cannot handle MS-CHAP. I am not sure what is missing from the configuration on the server. I have the cleartext password in the users file for the "temp" user I am trying to authenticate. Following is the debug output -<div>
<br></div><div><div>rad_recv: Access-Request packet from host 10.1.0.33 port 46487, id=142, length=140</div><div> Service-Type = Framed-User</div><div> Framed-Protocol = PPP</div><div> User-Name = "temp"</div>
<div> MS-CHAP-Challenge = 0xa71f9d0753274da79dfe6f0eb2c1b693</div><div> MS-CHAP2-Response = 0xea00de5395669cc1880bf8b0020b2b96b4230000000000000000fada537f1a8f3b12453fc739d08219f28644ccfb11ba0225</div><div> Calling-Station-Id = "l2tp"</div>
<div> NAS-IP-Address = 127.0.1.1</div><div> NAS-Port = 0</div><div># Executing section authorize from file /etc/freeradius/sites-enabled/default</div><div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div>
<div>++[chap] returns noop</div><div>[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'</div><div>++[mschap] returns ok</div><div>++[digest] returns noop</div><div>[suffix] No '@' in User-Name = "temp", looking up realm NULL</div>
<div>[suffix] No such realm "NULL"</div><div>++[suffix] returns noop</div><div>[eap] No EAP-Message, not doing EAP</div><div>++[eap] returns noop</div><div>[files] users: Matched entry DEFAULT at line 172</div><div>
++[files] returns ok</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.</div>
<div>++[pap] returns noop</div><div>Found Auth-Type = MSCHAP</div><div># Executing group from file /etc/freeradius/sites-enabled/default</div><div>+- entering group MS-CHAP {...}</div><div>[mschap] No Cleartext-Password configured. Cannot create LM-Password.</div>
<div>[mschap] No Cleartext-Password configured. Cannot create NT-Password.</div><div>[mschap] Creating challenge hash with username: temp</div><div>[mschap] Told to do MS-CHAPv2 for temp with NT-Password</div><div>[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.</div>
<div>[mschap] FAILED: MS-CHAP2-Response is incorrect</div><div>++[mschap] returns reject</div><div>Failed to authenticate the user.</div><div>Login incorrect: [temp] (from client temp-radius port 0 cli l2tp)</div><div>Using Post-Auth-Type Reject</div>
<div># Executing group from file /etc/freeradius/sites-enabled/default</div><div>+- entering group REJECT {...}</div><div>[attr_filter.access_reject] expand: %{User-Name} -> temp</div><div> attr_filter: Matched entry DEFAULT at line 11</div>
<div>++[attr_filter.access_reject] returns updated</div><div>Delaying reject of request 4 for 1 seconds</div><div>Going to the next request</div><div>Waking up in 0.9 seconds.</div><div>Sending delayed reject for request 4</div>
<div>Sending Access-Reject of id 142 to 10.1.0.33 port 46487</div><div>Waking up in 4.9 seconds.</div><div>Cleaning up request 4 ID 142 with timestamp +1310</div><div>Ready to process requests.</div></div><div><br></div>