..::Change to MD5 passwords::..
Matthew Newton
mcn4 at leicester.ac.uk
Tue Apr 24 00:02:41 CEST 2012
On Mon, Apr 23, 2012 at 04:36:04PM -0500, Reyes Jimenez Alfonso Alejandro wrote:
> I tried and I'm getting the same issue.
>
> Here's the debug.
Ah, it's clear now.
> EAP-Message = 0x0206002b19001703010020cba7d86600d185f93548bb4b8a904a38a9374114ae4f376530f2636234997179
...
> [peap] processing EAP-TLS
PEAP
...
> [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] Creating challenge hash with username: bob
> [mschap] Told to do MS-CHAPv2 for bob with NT-Password
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] returns reject
> [eap] Freeing handler
> ++[eap] returns reject
> Failed to authenticate the user.
> expand: password incorrecto -> password incorrecto
MS-CHAPv2
> I think I'm missing something on the configuration, any ideas?
You can't store passwords in MD5 for PEAP/MS-CHAPv2. You have
three options - clear text, LM-hash or NT-hash.
I'll add the link. I don't think it's been posted today so far...
http://deployingradius.com/documents/protocols/compatibility.html
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list