EAP-TTLS with mschapv2 inner authentication issue
Fajar A. Nugraha
fajar at fajar.net
Tue Aug 31 11:56:30 CEST 2010
On Tue, Aug 31, 2010 at 4:23 PM, <matteo at crs4.it> wrote:
> Hello all,
> I'm trying to use Freeradius 21.1.9 EAP-TTLS with MSCHAPv2 as inner
> authentication against an OpenLDAP server with crypt password encryption
> scheme.
Short answer: you can't.
MSCHAPv2 needs a clear text password. You can't use MSCHAPv2 with
a crypt-ed password.
... which the logs say quite clearly btw:
Tue Aug 31 11:12:04 2010 : Info: [ldap] looking for reply items in directory...
Tue Aug 31 11:12:04 2010 : Debug: WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
Tue Aug 31 11:12:04 2010 : Info: [mschap] No Cleartext-Password configured. Cannot create LM-Password.
Tue Aug 31 11:12:04 2010 : Info: [mschap] No Cleartext-Password configured. Cannot create NT-Password.
Tue Aug 31 11:12:04 2010 : Info: [mschap] Told to do MS-CHAPv2 for matteo at crs4.it with NT-Password
Tue Aug 31 11:12:04 2010 : Info: [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
--
Fajar
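
Added example, not part of the original post and not FreeRADIUS code: a small triage script that rejoins hard-wrapped debug log lines and reports each MS-CHAPv2 failure where the mschap module had no password to derive the NT/LM hashes from. The names records and diagnose are hypothetical; SAMPLE is the log excerpt quoted in the post, hard-wrapped the way a mail client wraps it.

```python
import re

# Record start, e.g. "Tue Aug 31 11:12:04 2010 : Info: [mschap] ..."
RECORD = re.compile(
    r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} : (\w+): (?:\[(\w+)\] )?(.*)$")
# Log excerpt from the post, hard-wrapped as a mail client would wrap it.
SAMPLE = """\
Tue Aug 31 11:12:04 2010 : Debug: WARNING: No "known good" password
was found in LDAP. Are you sure that the user is configured
correctly?
Tue Aug 31 11:12:04 2010 : Info: [mschap] No Cleartext-Password
configured. Cannot create LM-Password.
Tue Aug 31 11:12:04 2010 : Info: [mschap] No Cleartext-Password
configured. Cannot create NT-Password.
Tue Aug 31 11:12:04 2010 : Info: [mschap] Told to do MS-CHAPv2 for
matteo at crs4.it with NT-Password
Tue Aug 31 11:12:04 2010 : Info: [mschap] FAILED: No NT/LM-Password.
Cannot perform authentication.
"""

def records(text):
    """Rejoin wrapped lines; yield (level, module, message) per log record."""
    current = None
    for line in text.splitlines():
        if m := RECORD.match(line):
            if current:
                yield tuple(current)
            current = list(m.groups())   # module is None when no [tag] is present
        elif current and line.strip():
            current[2] += " " + line.strip()   # continuation of a wrapped record
    if current:
        yield tuple(current)

def diagnose(text):
    """One finding per MS-CHAPv2 failure caused by a missing usable password."""
    findings, missing, user, ldap_warned = [], [], None, False
    for _level, module, msg in records(text):
        if 'No "known good" password' in msg:
            ldap_warned = True           # directory returned no usable password
        elif module == "mschap":
            if m := re.search(r"Cannot create (\w+-Password)", msg):
                missing.append(m.group(1))
            if m := re.search(r"Told to do MS-CHAPv2 for (.+) with ", msg):
                user = m.group(1)
            if msg.startswith("FAILED: No NT/LM-Password"):
                findings.append({"user": user, "missing": missing,
                                 "ldap_no_known_good": ldap_warned})
                missing, user, ldap_warned = [], None, False
    return findings
```

Calling diagnose(SAMPLE) returns one finding naming the user, the two hashes that could not be created, and whether the LDAP lookup had already warned that no "known good" password was found.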