On Mon, Apr 23, 2012 at 04:36:04PM -0500, Reyes Jimenez Alfonso Alejandro wrote:
I tried and I'm getting the same issue.
Here's the debug.
Ah, it's clear now.
EAP-Message = 0x0206002b19001703010020cba7d86600d185f93548bb4b8a904a38a9374114ae4f376530f2636234997179
...
[peap] processing EAP-TLS
PEAP ...
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: bob [mschap] Told to do MS-CHAPv2 for bob with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. expand: password incorrecto -> password incorrecto
MS-CHAPv2
I think I'm missing something on the configuration, any ideas?
You can't store passwords in MD5 for PEAP/MS-CHAPv2. You have three options - clear text, LM-hash or NT-hash. I'll add the link. I don't think it's been posted today so far... http://deployingradius.com/documents/protocols/compatibility.html Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>