The only way I found to make it works is setting the following lines in the user file:
vi users:
avillaverde Auth-Type := MSCHAP, Cleartext-Password = "123456"
It works, but how do you handle 1000 users for example? It turns very difficult to manage the user passwords.
For instance, if the user change the password in the linux box, then you need to edit the users file to replicate that password.
I have running tacacs+ in the same box, and the user only has to use an unique password for radius and tacacs defined by passwd. I am using PAM authentication for this.
On the other hand, If I work with PAP I can handle the users like a Linux user, so the managament is easier and it depends on the final user. The user can access the linux box and change his password with a simple passwd and all is replicated for tacacs and freeradius. It is the way how is working today, but I was requested to set MSCHAP authentication due to security audits.
When user try to access wireless controller, he puts his password and then radius checks the password with the passwd file or shadow file without any necesity of "editing radius users file"
I think I am missing something regarding how to set MSCHAP authentication, and that radius checks the password without using Cleartext-Password in the USERS file.
I dont know if I am clear enough for you. Sorry for my poor english.