EAP-TTLS with mschapv2 inner authentication issue

Fajar A. Nugraha fajar at fajar.net
Tue Aug 31 11:56:30 CEST 2010


On Tue, Aug 31, 2010 at 4:23 PM,  <matteo at crs4.it> wrote:
> Hello all,
> I'm trying to use Freeradius 21.1.9 EAP-TTLS with MSCHAPv2 as inner
> authentication against an OpenLDAP server with crypt password encryption
> scheme.

Short answer: you can't.
MSCHAPv2 needs a clear text password. You can't use MSCHAPv2 with
a crypt-ed password.

... which the logs say quite clearly btw:

Tue Aug 31 11:12:04 2010 : Info: [ldap] looking for reply items in directory...
Tue Aug 31 11:12:04 2010 : Debug: WARNING: No "known good" password
was found in LDAP.  Are you sure that the user is configured
correctly?

Tue Aug 31 11:12:04 2010 : Info: [mschap] No Cleartext-Password
configured.  Cannot create LM-Password.
Tue Aug 31 11:12:04 2010 : Info: [mschap] No Cleartext-Password
configured.  Cannot create NT-Password.
Tue Aug 31 11:12:04 2010 : Info: [mschap] Told to do MS-CHAPv2 for
matteo at crs4.it with NT-Password
Tue Aug 31 11:12:04 2010 : Info: [mschap] FAILED: No NT/LM-Password.
Cannot perform authentication.

-- 
Fajar
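
Added example, not part of the original message and not FreeRADIUS code: a Python script that rejoins the mail-wrapped log records quoted above and flags the case where the mschap module fails because no Cleartext-Password or NT/LM-Password was available. The function names `unwrap` and `triage` and the finding names are this example's own choices.

```python
import re

# Log excerpt as it appears in the message above, e-mail line wrapping included.
SAMPLE_LOG = '''\
Tue Aug 31 11:12:04 2010 : Info: [ldap] looking for reply items in directory...
Tue Aug 31 11:12:04 2010 : Debug: WARNING: No "known good" password
was found in LDAP.  Are you sure that the user is configured
correctly?
Tue Aug 31 11:12:04 2010 : Info: [mschap] No Cleartext-Password
configured.  Cannot create LM-Password.
Tue Aug 31 11:12:04 2010 : Info: [mschap] No Cleartext-Password
configured.  Cannot create NT-Password.
Tue Aug 31 11:12:04 2010 : Info: [mschap] Told to do MS-CHAPv2 for
matteo at crs4.it with NT-Password
Tue Aug 31 11:12:04 2010 : Info: [mschap] FAILED: No NT/LM-Password.
Cannot perform authentication.
'''

# A record starts with a timestamp such as "Tue Aug 31 11:12:04 2010 : ".
RECORD_START = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} : ")

# Message patterns taken from the excerpt; the finding names are this example's own.
PATTERNS = {
    "no_known_good_password": re.compile(r'No "known good" password\s+was found'),
    "no_cleartext_password": re.compile(r"\[mschap\] No Cleartext-Password\s+configured"),
    "mschap_no_nt_lm_password": re.compile(r"\[mschap\] FAILED: No NT/LM-Password"),
}

def unwrap(text):
    """Rejoin records that a mail client wrapped onto several lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Count each finding and flag the failure mode described in the reply."""
    records = unwrap(text)
    counts = {k: sum(1 for r in records if rx.search(r)) for k, rx in PATTERNS.items()}
    counts["records"] = len(records)
    counts["stored_password_unusable_for_mschap"] = bool(
        counts["mschap_no_nt_lm_password"]
        and (counts["no_known_good_password"] or counts["no_cleartext_password"]))
    return counts
```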


