Problems with wifi authentication: [mschap] No Cleartext-Password configured...

Thu Dec 4 18:50:36 CET 2008

Hi guys,

I'm with problems on my first radius authentication server for
wireless clients. I've made some progress, but now I'm with problems
that I don't know how to solve.

I want to use the NIS user database.

Freeradius version: 2.1.1, compiled from source on mandriva 2008.1
(yes, i don't like mandriva, but i have to use it)

With radtest, I already can authenticate with users located on
/etc/raddb/users/ , /etc/passwd and NIS' users:

Example:
leonardolocal at lcc56:~$ radtest leonardo lalala 172.16.0.2 0 xpto
Sending Access-Request of id 65 to 172.16.0.2 port 1812
User-Name = "leonardo"
User-Password = "radius1234"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=65, length=20
leonardolocal at lcc56:~$ radtest usuario1 lalala 172.16.0.2 0 xpto
Sending Access-Request of id 57 to 172.16.0.2 port 1812
User-Name = "usuario1"
User-Password = "senha1"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=57, length=20
leonardolocal at lcc56:~$ radtest localradius lalala 172.16.0.2 0 xpto
Sending Access-Request of id 135 to 172.16.0.2 port 1812
User-Name = "localradius"
User-Password = "radius1234"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=212, length=20

Until here, everything was ok, the problems begins when I try
authenticate through wireless access point:

The PEAP doesn't work. And by TTLS/MSCHAPv2 works, but only for users
located on the /etc/raddb/users file, and not for NIS' or passwd'
users.

Error that happens when a I try connect with TTLS/MSCHAPv2 and with
user not listed on the /etc/raddb/users file:

Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for leonardo with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.

I've uploaded the /etc/raddb/radiusd.conf,/ etc/raddb/eap.conf, module
/etc/raddb/modules/mschap and also a log from the radiusd -X with a
login try which generates the above error and the radiusd startup on
the server: http://ivete.fis.unb.br/fradius/

I've found on google a discussion, on this list
(http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg48660.html),
which a guy had the same error than me, but he was using the ldap
database as user's database. And I don't understood what procedures he
used to solve his problems.

Please, if somebody have some tip, tell me, I don't know what to do anymore :/

Sorry for the poor english.

Thanks in advance,
--
---------------------------
Leonardo Marques
---------------------------
Blog: BeNerd.analyx.org
Website: www.analyx.org