On Tue, Feb 2, 2016 at 11:28 AM, Alan DeKok <aland@deployingradius.com> wrote:
(7) eap_mschapv2 : Auth-Type MS-CHAP { (7) WARNING: mschap : No Cleartext-Password configured. Cannot create LM-Password (7) WARNING: mschap : No Cleartext-Password configured. Cannot create NT-Password (7) mschap : Creating challenge hash with username: testuser (7) mschap : Client is using MS-CHAPv2 (7) ERROR: mschap : FAILED: No NT/LM-Password. Cannot perform authentication
It's not like the server is TELLING YOU what's going wrong.
Did you try configuring a Cleartext-Password for the user?
I'm sorry if I caused confusion, but getting this to work in plain/clear-text has never been an issue. Yes I've done plenty of radtest, I've read lots and lots of threads, but I was still having trouble and had specific questions so I came here. My desire is to use encrypted passwords in OpenLDAP and somehow make this work. GTC seems to be the only option but Android and Mac (in particular) keep trying to choose mschapv2. From the thread so far, I was getting the impression I should be able to make it work so that's what I was trying. Maybe I misunderstood, but I thought what was being said was to just set the default in the eap file in the PEAP section to GTC. But if I do an encrypted or unencrypted password, it tries mschapv2 first (despite the default in eap being set to GTC). Am what I'm doing practical and possible?