Alan Buxey wrote
....and what type of request is coming through? - check the mschap module to see the challenge response example.... and 'radiusd -X' for help does help...
Alan, thank you, my wireless controller was set to send MSCHAP-v2. Changing the controller to PAP allows it to complete a successful radius ping. However, I have moved onto another problem, an 802.1x client will not authenticate sending EAP-PEAP/EAP-MSCHAP-v2. I received the following log output from radius: [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/default [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: root [mschap] Told to do MS-CHAPv2 for root with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. My mschap module is configured as follows: mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{% {Stripped-User-Name}:-%{mschap:User-Name:-None}} --challenge=% {mschap:Challenge:-00} –nt-response=%{mschap:NT-Response:-00}" } I have also tried: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-domain.net} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Please let me know if you see my errors, or have thoughts. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Getting-NT-STATUS-WRONG-PASSWORD-Wro... Sent from the FreeRadius - User mailing list archive at Nabble.com.