[again] Error "[mschap] No Cleartext-Password configured. Cannot create LM-Password."

Alan DeKok aland at deployingradius.com
Mon Jul 15 22:02:47 CEST 2013


Holger Wesser wrote:
> I've googled a while and found different solutions for the error
> message: [mschap] No Cleartext-Password configured.  Cannot create
> LM-Password.

  There's only one solution: give the server a "known good" password.
e.g. Cleartext-Password, or NT-Password.

> What I've done is, to establish the following setup: Debian 7.1, Samba3,
> OpenLDAP and freeradius 2.1.12 (everything on the same machine). A VPN
> gateway forwards the authentication requests to the freeradius-server.

  PLEASE use "radiusd -X" as suggested everywhere.  The additional "-x"
is not needed, and is just annoying.

  The relevant output is:

 [ldap] performing search in dc=example,dc=com, with filter (uid=testuser)
 [ldap] Added User-Password = {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxx in check
items

  SSHA passwords are fundamentally incompatible with MS-CHAP.

http://deployingradius.com/documents/protocols/compatibility.html

  Alan DeKok.


More information about the Freeradius-Users mailing list