Enterasys Wireless controller with Mgmt user authentication via RADIUS MSCHAP
Alan DeKok
aland at deployingradius.com
Wed Oct 29 20:30:50 CET 2014
Alan Alejandro Villaverde wrote:
> The problem is that when I set WLC to authenticate via radius using
> MSCHAP I get Access-reject.
Read the debug output to see why. This is suggested in the FAQ, "man"
page, web pages, and daily on this list.
> First of all, I keep the radius config files as default and when
> debugging it I noticed that for some reason radius is trying to
> authenticate by UNIX Cleartext Password.
I don't know what that means.
> For PAP authentication it is ok and all works great but not for MSCHAP.
>
> Then, I set Auth-type = MSCHAP in "users" config file
Don't do that. It will break things. It's not necessary.
> and here the
> things changed. The auth now is done by mschap but it is still
> requesting a clear text password. After that it tries with LM-password /
> NT-password.
Well, no, it doesn't. The debug output doesn't say that.
> I read this article
> http://deployingradius.com/documents/configuration/active_directory.html
>
> But I cant sort out this problem.
Put a user && Cleartext-Password into the "users" file. It will work.
> Is It possible to set Enterasys Wireless controller to authenticate mgmt
> users via MSCHAP Radius???
Yes.
> Can it be done without LM-password or NT-password?
Yes.
Alan DeKok.
More information about the Freeradius-Users
mailing list