802.1x eap via freeradius over 1131APs to wlc4402 on ent suse with 2003 AD

Alan DeKok aland at deployingradius.com
Fri Jan 14 07:19:34 CET 2011

Jason Hall wrote:
> Ok, I connect to the wireless with my client cert installed, I get a see an eap exchange but cannot connect.
> I've been looking over this for days now, just wanted to get some advice/help because I'm honestly lost at this point.

  See http://networkradius.com/freeradius.html

  While there's a lot of text, it's pretty easy to read when something
goes wrong.  Look for "error" or "warning" or "fail".

> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
> [mschap]   NT Domain delimeter found, should we have enabled with_ntdomain_hack?
> [mschap] Told to do MS-CHAPv2 for (domain)\(username) with NT-Password
> [mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] returns reject

  You didn't tell the server the "known good" password for the user.

  Alan DeKok.

More information about the Freeradius-Users mailing list