Having trouble with MSCHAP
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Dec 5 19:06:18 CET 2011
Hi,
> I configured Freeradius 2.1.10 Debian 6.0.2 using EAP-TLS authentication.
> I generated the client and server certificated with XP extention. I
> created my certificated in the freeradius server, is that ok? or I have to
> create it in a different machine? I am validating my client (Windows XP)
> with the server and I get this error:
the answers are in the debug output you posted.....just go through
the 'PEAP ping/pong' until the inner-tunnel ahs been established
and the actual auth is done....its near the bottom..
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] NT Domain delimeter found, should we have enabled
> with_ntdomain_hack?
> [mschap] Creating challenge hash with username: PDVSA2000\TORREALBAW
> [mschap] Told to do MS-CHAPv2 for PDVSA2000\TORREALBAW with NT-Password
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
have you set with_ntdomain_hack = yes ? have you configured the RADIUS
so that the realm PDVSA2000 is known (add it to proxy.conf like
realm PDVSA2000 {
}
alan
More information about the Freeradius-Users
mailing list