Freeradius + MySQL + Daloradius
Alan DeKok
aland at deployingradius.com
Wed Apr 10 13:50:50 CEST 2013
Erik Sellgren wrote:
> I am trying to setup wireless authentication through my mikrotik router
> using freeradius with mysql and daloradius. I have the server setup and
> working, I can use NTradtest from my pc and I get Access-Accept messages
> in return with my cleartext user/password, username userclear password
> clear. But when I set it all up and try to access the wireless with the
> same credentials it is an access-reject. See below
>
> # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
> +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] Creating challenge hash with username: userclear
> [mschap] Told to do MS-CHAPv2 for userclear with NT-Password
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] returns reject
> Failed to authenticate the user.
>
> After reading the top of inner-tunnel I used the test they said to use :
> radtest USER PASSWORD 127.0.0.1:18120 0 testing123
It also says to try MSCHAP. Or at least recent versions say this.
> When I use my user it fails, when I use the test user "user" and "pass"
> it succeeds. So do I have my innertunnel setup wrong or something? I
> have sql uncommented in /etc/raddb/sites-available/inner-tunnel
>
> Please let me know what info you need and I can supply it, please help
> me debug this issue.
You've conveniently deleted nearly all of the debug output. This
isn't useful.
From what little is there, it seems you're forcing Auth-Type to
MSCHAP. This is wrong. See the FAQ.
Instead (as the output shows) you need to supply a Cleartext-Password,
and then let FreeRADIUS figure out which authentication method to use.
Alan DeKok.
More information about the Freeradius-Users
mailing list