On Dec 1, 2020, at 10:02 AM, David Musoke <dmusoke@umu.ac.ug> wrote:
Hello Folks, Am trying to set up authentication using open ldap and freeradius. When I run a radtest for one of my users in ldap, i receive access-accept msg But when I try authenticating from a windows or Mac Os user I don't succeed.
Yes.
Below is my debug out-put when i try to authenticate from a windows machine
Reading it helps.
... rlm_ldap (ldap): Connecting to ldap://196.43.180.28:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (7) [ldap] = updated (7) [expiration] = noop (7) [logintime] = noop (7) pap: Converted: &control:Password-With-Header -> &control:SSHA1-Password (7) pap: Removing &control:Password-With-Header (7) pap: Normalizing SSHA1-Password from base64 encoding, 32 bytes -> 24 bytes
That's a nice password format.
(7) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (7) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (7) mschap: Creating challenge hash with username: dmusoke@umu.ac.ug (7) mschap: Client is using MS-CHAPv2 (7) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
The MS-CHAP module is telling you what it needs. Hint: it's not SSHA1-Password. http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok.