LDAP PEAPv0/MSCHAPv2 Authentication
Alan DeKok
aland at deployingradius.com
Tue Aug 4 10:23:18 CEST 2009
Nicholas Cappelletti wrote:
> After a little trial and error, and not changing anything on the wireless client side, I got FreeRADIUS to use mschap, but I'm now getting this error:
>
> [mschap] No MS-CHAP-Challenge in the request
> ++[mschap] returns reject
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> nick
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
>
>
> I didn't have anything in the LDAP database for the user, but once I added radiusAuthType mschap, I am not being rejected, which is better then nothing I guess.
DON'T DO THAT.
Setting Auth-Type manually will break the server. (Almost always).
> Again, when I'm using the users file, I have no isssue authenticating. Is there something more I have to add to the users to allow this to work. Again, thank for the help and/or guidance.
Ensure that LDAP returns a clear-text password to FreeRADIUS. All of
the authentication methods will work.
Alan DeKok.
More information about the Freeradius-Users
mailing list