On Feb 2, 2016, at 4:06 PM, Greg Mischel Smith <gregms@gmail.com> wrote:
I'm sorry if I caused confusion, but getting this to work in plain/clear-text has never been an issue. Yes I've done plenty of radtest, I've read lots and lots of threads, but I was still having trouble and had specific questions so I came here.
You should make it clear what you've done, and why. When you post a message where the server complains about "No Cleartext-Password", that makes it look like you haven't bothered reading the server output.
My desire is to use encrypted passwords in OpenLDAP and somehow make this work.
http://deployingradius.com/documents/protocols/compatibility.html This is pointed to from the Wiki, among other places.
GTC seems to be the only option but Android and Mac (in particular) keep trying to choose mschapv2.
Did you configure those systems to use GTC?
From the thread so far, I was getting the impression I should be able to make it work so that's what I was trying.
"Just make it work" is not a thing computers do.
Maybe I misunderstood, but I thought what was being said was to just set the default in the eap file in the PEAP section to GTC.
Yes. That works to set the default eap type. BUT the supplicant can ask for another EAP type.
But if I do an encrypted or unencrypted password, it tries mschapv2 first (despite the default in eap being set to GTC). Am what I'm doing practical and possible?
Yes. Configure the supplicant to use GTC. Configure the server to use GTC. If you just configure one end, it won't work. BOTH have to be set to use GTC. Alan DeKok.