Please help with my EAP config - PEAP/MSCHAP

Alan DeKok aland at
Tue Oct 23 15:02:28 CEST 2007

Nyle wrote:
> I'm trying to set up Freeradius on SuSe 9 to authenticate against LDAP on
> the same box. I can use radtest locally and ntradping from a remote
> workstation and receive an accept. So it looks like it's configured well
> enough for the direct LDAP with clients.conf. However, when I try and use a
> Windows XP Pro client with my 3COM AP it returned a reject. I've tried
> searching on the what appears to be the errors in the below log but nothing
> seems to stand out. I'm sure it's something simple I missed when following
> the online setup guides that are supposed to walk you through. I've checked
> and re-checked my eap.conf and rediusd.conf.

  There's a lot of this error:  Maybe you want to check that out.

> rlm_ldap: performing search in ou=TechSupport,ou=JeffS,o=Jeff, with filter
> (cn=auser)
> rlm_ldap: checking if remote access for auser is allowed by wirelessAccess
> rlm_ldap: Error reading Universal Password.Return Code = -16049
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...

  And there's no "known good" password found for the user.

>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for auser with NT-Password
>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.

  Tell the server what the users correct password is.

  Alan DeKok.

More information about the Freeradius-Users mailing list