29 Sep
2016
29 Sep
'16
10:15 a.m.
On 29/09/2016 12:32, Jan-Christoph Fuchs wrote:
No I have changed the Database table radcheck to store MD5-Password. Tests with radtest works, but livetest will be rejected.
I really dont know much about protocolls (pap, chap, eap and so on) Debigging freeradius told me that radtest uses pap
You can use "radtest -t mschap ...." to check with MSCHAP authentication.
[eap] processing type mschapv2
It looks like your wireless clients are using PEAPv0, which is a TLS tunnel on the outside and MSCHAP on the inside. This is the "normal" way of doing wireless authenticate. However, you cannot authenticate MSCHAP with an MD5-hashed password. You need either the cleartext password, or the NT LAN Manager password hash.