[ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}$1$94hl3NgJ$AuuZleae5i2GkzrT9XIye0"
"crypt" passwords cannot be used to do MS-CHAP. It is impossible. MS-CHAP requires either the cleartext password or NT/LM hashes. See: http://deployingradius.com/documents/protocols/compatibility.html
[ldap] looking for reply items in directory... [ldap] user mahendra authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/default [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: mahendra [mschap] Told to do MS-CHAPv2 for mahendra with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
...because you only have crypt passwords, it fails. You MUST store plaintext or nt/lm hashes if you want to do PEAP/MSCHAP