Problems with wifi authentication: [mschap] No Cleartext-Passwordconfigured...

Leonardo Marques surf3r0 at gmail.com
Fri Dec 5 16:52:31 CET 2008 

Hi Ivan,

First thank you for that link you've sent to me. An

It worked fine with PAP ;)

Thanks again,

[]s

On Thu, Dec 4, 2008 at 4:58 PM,  <tnt at kalik.net> wrote:
>>I'm with problems on my first radius authentication server for
>>wireless clients. I've made some progress, but now I'm with problems
>>that I don't know how to solve.
>>
>>I want to use the NIS user database.
>>
>
> That's your problem right there.
>
>>Freeradius version: 2.1.1, compiled from source on mandriva 2008.1
>>(yes, i don't like mandriva, but i have to use it)
>>
>>With radtest, I already can authenticate with users located on
>>/etc/raddb/users/ , /etc/passwd and NIS' users:
>>
>>Example:
>>leonardolocal at lcc56:~$ radtest leonardo lalala 172.16.0.2 0 xpto
>>Sending Access-Request of id 65 to 172.16.0.2 port 1812
>>User-Name = "leonardo"
>>User-Password = "radius1234"
>>NAS-IP-Address = 127.0.1.1
>>NAS-Port = 0
>>rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=65, length=20
>>leonardolocal at lcc56:~$ radtest usuario1 lalala 172.16.0.2 0 xpto
>>Sending Access-Request of id 57 to 172.16.0.2 port 1812
>>User-Name = "usuario1"
>>User-Password = "senha1"
>>NAS-IP-Address = 127.0.1.1
>>NAS-Port = 0
>>rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=57, length=20
>>leonardolocal at lcc56:~$ radtest localradius lalala 172.16.0.2 0 xpto
>>Sending Access-Request of id 135 to 172.16.0.2 port 1812
>>User-Name = "localradius"
>>User-Password = "radius1234"
>>NAS-IP-Address = 127.0.1.1
>>NAS-Port = 0
>>rad_recv: Access-Accept packet from host 172.16.0.2 port 1812, id=212, length=20
>>
>
> Crypted passwords and pap work fine.
>
>>Until here, everything was ok, the problems begins when I try
>>authenticate through wireless access point:
>>
>>The PEAP doesn't work. And by TTLS/MSCHAPv2 works, but only for users
>>located on the /etc/raddb/users file, and not for NIS' or passwd'
>>users.
>>
>>Error that happens when a I try connect with TTLS/MSCHAPv2 and with
>>user not listed on the /etc/raddb/users file:
>>
>>Found Auth-Type = MSCHAP
>>+- entering group MS-CHAP {...}
>>[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
>>[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
>>[mschap] Told to do MS-CHAPv2 for leonardo with NT-Password
>>[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
>>[mschap] FAILED: MS-CHAP2-Response is incorrect
>>++[mschap] returns reject
>>Failed to authenticate the user.
>>
>
> But not with mschap:
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
> You can't use passwords from /etc/passwd for mschap. You will find it
> that thread that he had NT hashed passwords to use.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



-- 
---------------------------
Leonardo Marques
---------------------------
Blog: BeNerd.analyx.org
Website: www.analyx.org

More information about the Freeradius-Users mailing list