Help migrating from 1.1.7 to 2.1.10 - clear text password being lost

John Hayward john.hayward at
Thu Mar 10 19:48:26 CET 2011

Hi Radius Fans,
I am trying to move our current environment from 1.1.7 to 2.1.10 and are having a problem getting things to work.

We have a Novell NDSLdap server which provides clear text passwords for Novell users.
We are using peap-mschapv2.

In looking at the logs and Eap-Messages we see:
response 01 identity (username) -> server
   The server looks up the user in ndsldap and:
    Info: [ldap] Added the eDirectory password (password removed) in check items as Cleartext-Password
    Then the server sends a request 02 to use EAP-TLS
    There are a series of responses (mostly appear to be ack) and requests to get the tunnel setup
    which succeeds.
Near the end the client sends a response (ID=8) which is a response to the mschap2 challenge.
When the server is processing this response it reports:
   Info: [mschap] No Cleartext-Password configured.  Cannot create LM-Password.

I put in some additional debugging and found that address of the request->config_item has changed from when the ldap module put the cleartext password in as a pair and when the mschap module attempts to remove it.

The ldap module is called in authorize and the mschap is called in authenticate.

What might be causing the request->config to be at a different location between when the clear text password is stored and when it is needed to authenticate?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list