question regarding PEAP/MSCHAPv2 (ERROR: FAILED: No NT/LM-Password. Cannot perform authentication)
aland at deployingradius.com
Fri Oct 30 13:57:07 CET 2015
On Oct 30, 2015, at 8:54 AM, Thomas Stather <Thomas.Stather at mpimf-heidelberg.mpg.de> wrote:
> I tried to set
> password_attribute to "sambaNTPassword" but the error is still the same.
Post the *full* debug.
> As we have the hashes in our LDAP it seems that i have to switch to "ntlm_auth" module
No. FreeRADIUS can get the hashes directly from LDAP.
> radtest -t mschap tstather <my password> 127.0.0.1:18120 0 <shared secret>
> it works, but connecting via WLAN fails.
> (8) mschap: --> --nt-response=9afa807de748f4cdfb1dcd7414d6ba3a9d5a787c18b448ad
> (8) mschap: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
Which seems pretty straightforward.
> I think the problem comes from the "Mschap:User-Name" variable which holds the full username, i.e. "tstather at mpimf-heidelberg.mpg.de"
> How can i change the configuration so that the username is the username without our realm, in this case "tstather"?
Don't. Fix it so that FreeRADIUS gets the passwords from LDAP. It will be simpler, faster, and easier to maintain.
More information about the Freeradius-Users