MSCHAPv2 fails to authenticate against OpenDirectory with error 5100 (0x13ec)

Alan DeKok aland at deployingradius.com
Wed Jun 10 14:49:57 CEST 2015


On Jun 10, 2015, at 7:58 AM, Alan Egerton <eggyal at gmail.com> wrote:
> I'm trying to follow the instructions in Dan Barrett's article
> <https://www.yesdevnull.net/2013/10/os-x-mavericks-server-setting-up-freeradius/>
> to get the distribution of FreeRADIUS (v2.2.0) that ships with OS X
> Server (v4.1) to authenticate Open Directory users via non-Apple
> authenticators.

  It *should* just work.  After all, it's supposed to be tested by Apple before they ship it.

> However, the MSCHAPv2 module always fails as follows:
> 
> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
> [mschap] Creating challenge hash with username: username
> [mschap] Client is using MS-CHAPv2 for username, we need NT-Password
> [mschap] Using OpenDirectory to authenticate
> [mschap] Doing OD MSCHAPv2 auth
> [mschap] Authentication failed for username: error 5100 (0x13ec): unknown error
> 
> I can't find any documentation on what might have caused this error
> and am not sure how to progress from here.  Your thoughts would be
> most welcome!

  I can't find any documentation, either.

  I suggest trying to install 3.0.8.  We've put more messages into the module which *should* help track down exactly what's going wrong.

  Alan DeKok.




More information about the Freeradius-Users mailing list