Help migrating from 1.1.7 to 2.1.10 - clear text password being lost

Fajar A. Nugraha list at fajar.net
Thu Mar 10 22:48:10 CET 2011


On Fri, Mar 11, 2011 at 1:48 AM, John Hayward <john.hayward at wheaton.edu> wrote:
> Hi Radius Fans,
> I am trying to move our current environment from 1.1.7 to 2.1.10 and are
> having a problem getting things to work.
>
> We have a Novell NDSLdap server which provides clear text passwords for
> Novell users.
> We are using peap-mschapv2.
>
> In looking at the logs and Eap-Messages we see:
> response 01 identity (username) -> server
>    The server looks up the user in ndsldap and:
>     Info: [ldap] Added the eDirectory password (password removed) in check
> items as Cleartext-Password
>     Then the server sends a request 02 to use EAP-TLS
>     There are a series of responses (mostly appear to be ack) and requests
> to get the tunnel setup
>     which succeeds.
> Near the end the client sends a response (ID=8) which is a response to the
> mschap2 challenge.
> When the server is processing this response it reports:
>    Info: [mschap] No Cleartext-Password configured.  Cannot create
> LM-Password.

The usual response would be
http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21

>From your limited info, I'd guess that the first place to look is make
sure that ldap section (for ndsldap) is listed in BOTH outer tunnel
(raddb/sites-enabled/default) and inner tunnel
(raddb/sites-enabled/inner-tunnel)

-- 
Fajar




More information about the Freeradius-Users mailing list