Freeradius + MySQL + Daloradius

Alan DeKok aland at
Wed Apr 10 13:50:50 CEST 2013

Erik Sellgren wrote:
> I am trying to set up wireless authentication through my MikroTik router
> using FreeRADIUS with MySQL and daloRADIUS. I have the server set up and
> working, I can use NTradtest from my PC and I get Access-Accept messages
> in return with my cleartext user/password, username userclear password
> clear. But when I set it all up and try to access the wireless with the
> same credentials it is an access-reject. See below.
> # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
> +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
> [mschap] Creating challenge hash with username: userclear
> [mschap] Told to do MS-CHAPv2 for userclear with NT-Password
> [mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] returns reject
> Failed to authenticate the user.
> After reading the top of inner-tunnel I used the test they said to use:
> radtest USER PASSWORD 0 testing123

  It also says to try MSCHAP.  Or at least recent versions say this.

> When I use my user it fails, when I use the test user "user" and "pass"
> it succeeds. So do I have my innertunnel setup wrong or something? I
> have sql uncommented in /etc/raddb/sites-available/inner-tunnel
>  Please let me know what info you need and I can supply it, please help
> me debug this issue.

  You've conveniently deleted nearly all of the debug output.  This
isn't useful.

  From what little is there, it seems you're forcing Auth-Type to
MSCHAP.  This is wrong.  See the FAQ.

  Instead (as the output shows) you need to supply a Cleartext-Password,
and then let FreeRADIUS figure out which authentication method to use.

  Alan DeKok.
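
The advice above, expressed against the SQL back end, as an added example that is not part of the original message: it looks for check items that force Auth-Type, removes the one on the test user, and stores the password as Cleartext-Password so the mschap module can derive the NT-Password itself. It assumes the stock FreeRADIUS MySQL schema (tables `radcheck` and `radgroupcheck` with `username`/`groupname`, `attribute`, `op`, `value` columns) and that the forced Auth-Type lives in SQL rather than in the users file; the account `userclear` / `clear` is the one from the post.

```sql
-- Added example; assumes the default FreeRADIUS MySQL schema.

-- 1. List every check item that forces an authentication method,
--    per user and per group. Any row here overrides FreeRADIUS's own choice.
SELECT 'radcheck' AS source, username AS owner, attribute, op, value
  FROM radcheck
 WHERE attribute = 'Auth-Type'
UNION ALL
SELECT 'radgroupcheck', groupname, attribute, op, value
  FROM radgroupcheck
 WHERE attribute = 'Auth-Type';

-- 2. Show what is actually stored for the failing user. The debug output
--    ("No Cleartext-Password configured") means no row with
--    attribute = 'Cleartext-Password' reached the mschap module.
SELECT id, attribute, op, value
  FROM radcheck
 WHERE username = 'userclear';

START TRANSACTION;

-- 3. Drop the forced Auth-Type for this user.
DELETE FROM radcheck
 WHERE username = 'userclear'
   AND attribute = 'Auth-Type';

-- 4. Make sure exactly one Cleartext-Password row exists for the user.
DELETE FROM radcheck
 WHERE username = 'userclear'
   AND attribute = 'Cleartext-Password';

INSERT INTO radcheck (username, attribute, op, value)
VALUES ('userclear', 'Cleartext-Password', ':=', 'clear');

COMMIT;

-- 5. Confirm the result: one Cleartext-Password row, no Auth-Type row.
SELECT attribute, op, value
  FROM radcheck
 WHERE username = 'userclear';
```

Rows returned by step 1 for a group need the same removal in `radgroupcheck`; afterwards rerun the server in debug mode and keep the full output when reporting results.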
