jck-freeradius@southwestern.edu wrote:
rlm_mschap: Told to do MS-CHAPv2 for johnk with NT-Password rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
That's pretty definitive.
My thoughts are that SQL and MSCHAP should be in the authorization section, and MSCHAP and EAP should be in authentication.
"eap" should be in the "authorize" section, too. That's the way the server comnes configured.
I am storing NTLM passwords in my SQL server. ... | 1490 | johnk | User-Password | == | 0393A990E3426721695109AB020K4E1C:FBFR81520C5BDDENOTREALPASSWORD33 |
No, you're not. You're telling the server that the clear-text password is a hex string, which it's not. If you want to store the NT-hashed passwords in SQL, use the "NT-Password" attribute, and ensure that the value is 32 bytes of hex data. But before you do that, I would STRONGLY suggest storing a simple clear-text password in SQL, like "test". Verify that it works, and THEN start storing NT password. By trying to configure 3 things at the same time, you guarantee that you can't possible figure out which one of the three is failing. Alan DeKok.