Enterasys Wireless controller with Mgmt user authentication via RADIUS MSCHAP

Alan DeKok aland at deployingradius.com
Wed Oct 29 20:30:50 CET 2014


Alan Alejandro Villaverde wrote:
> The problem is that when I set WLC to authenticate via radius using
> MSCHAP I get Access-reject. 

  Read the debug output to see why.  This is suggested in the FAQ, "man"
page, web pages, and daily on this list.

> First of all, I keep the radius config files as default and when
> debugging it I noticed that for some reason radius is trying to
> authenticate by UNIX Cleartext Password.

  I don't know what that means.

> For PAP authentication it is ok and all works great but not for MSCHAP.
> 
> Then, I set Auth-type = MSCHAP in "users" config file

  Don't do that.  It will break things.  It's not necessary.

> and here the
> things changed. The auth now is done by mschap but it is still
> requesting a clear text password. After that it tries with LM-password /
> NT-password.

  Well, no, it doesn't.  The debug output doesn't say that.

> I read this article 
> http://deployingradius.com/documents/configuration/active_directory.html
> 
> But I cant sort out this problem.

  Put a user && Cleartext-Password into the "users" file.  It will work.

> Is It possible to set Enterasys Wireless controller to authenticate mgmt
> users via MSCHAP Radius???

  Yes.

> Can it be done without LM-password or NT-password?

  Yes.

  Alan DeKok.


More information about the Freeradius-Users mailing list