On 01-07-2016 13:57, Alan DeKok wrote:
On Jul 1, 2016, at 5:02 AM, Henrik Kressner <kressner@synkro.dk> wrote:
I get this response: .... (133) eap: Peer sent packet with method EAP MSCHAPv2 (26) (133) eap: Calling submodule eap_mschapv2 to process data (133) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (133) eap_mschapv2: Auth-Type MS-CHAP { (133) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (133) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (133) mschap: Creating challenge hash with username: bob (133) mschap: Client is using MS-CHAPv2 (133) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (133) mschap: ERROR: MS-CHAP2-Response is incorrect (133) [mschap] = reject (133) } # Auth-Type MS-CHAP = reject (133) eap: Sending EAP Failure (code 4) ID 24 length 4 (133) eap: Freeing handler ....
What does it mean? It means that the server can't authenticate the user, because it has no idea what the *good* password is for the user.
As the message says, set Cleartext-Password. It will then work.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I believe I did just that in the file: /usr/local/etc/raddb/users # The canonical testing user which is in most of the # examples. # bob Cleartext-Password := "hello" Reply-Message := "Hello, %{User-Name}" # And it works both on the server and on the NAS with radtest ? -- ------------------------------------------- Med venlig hilsen / Yours Sincerly Henrik Kressner kressner@synkro.dk Ingeniørfirmaet Synkro / Synkro Engineering Vædevej 64 5462 Morud http://www.synkro.dk Direkte 40 37 40 87