freeradius+WinXP-PEAP+PAM

Phil Mayers p.mayers at imperial.ac.uk
Sun Jul 9 14:03:10 CEST 2006


Muthu wrote:
> Hi,
> 
> I am trying to use PAM authentication with freeradius for Win XP client
> (PEAP). I am getting error in the tls section.
> 

You cannot use PAM to answer PEAP/MS-CHAP requests. You must either have 
the plaintext password for the user, the NT or LM hashes for their 
password, or access to an NT domain controller and use the "ntlm_auth" 
helper in the mschap module.

>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 5
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/mschapv2
>   rlm_eap: processing type mschapv2
>   Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 5
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for muthu with NT-Password
>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>   modcall[authenticate]: module "mschap" returns reject for request 5
> modcall: leaving group MS-CHAP (returns reject) for request 5
>   rlm_eap: Freeing handler
>   modcall[authenticate]: module "eap" returns reject for request 5
> modcall: leaving group authenticate (returns reject) for request 5




More information about the Freeradius-Users mailing list