ok so i edited /etc/raddb/sites-enabled/default and commented pap from authorize { ... } and commented Auth-Type PAP { pap } from authenticate { ... } but i still have the same error . i have also created a new user betatesting1 i have also tested in the local shell (although it attempts mschapv1) and it gives me the same error [root@be-vpn ~]# radtest -t mschap betatesting1 secret 127.0.0.1 1812 myubersecretpassword Sending Access-Request of id 13 to 127.0.0.1 port 1812 User-Name = "betatesting1" NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x00000000000000000000000000000000 MS-CHAP-Challenge = 0xdca09b5922346674 MS-CHAP-Response = 0x000100000000000000000000000000000000000000000000000048cc2307c5dcb95d9cdc59f621d5d7e4b17c391d8ab5b4f4 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=13, length=112 MS-CHAP-Error = "\000E=691 R=1 C=f20ec16aa685d6a06f1ed900857d9c0e V=3 M=Re-enter (or reset) the password" On 8/6/2013 6:31 PM, Phil Mayers wrote:
On 06/08/13 16:04, Horatiu Nimigean wrote:
i have pptpd on a centos 6 box configured to use radius for auth. radius in turn checks credentials in ldap. the user in ldap has a samba extension and a configured password (i used ldap account manager to set it up) it also has a sambaNTPassword field and it's populated. rpm -q freeradius gives freeradius-2.1.12-4.el6_3.x86_64
the auth fails however when i try conencting from my windows8 client. i need to mention that i am sure i'm inputting correct passwords.
I you are *really* sure of this (have you created a test user with a simple password?), then it might be the PAP module "helpfully" fiddling with the password:
[pap] Normalizing NT-Password from hex encoding [pap] Normalizing SSHA1-Password from base64 encoding
Try commenting out "pap", since you're not using it - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html