Cross platform secure login on wpa2
Brian Candler
b.candler at pobox.com
Mon Dec 19 17:39:39 CET 2016
On 19/12/2016 15:28, Henti Smith wrote:
> I've upgraded to V3.0.12 and made the config changes as suggested.
>
> Authentication is still not working, but at least I'm now getting krb auth
> attempts, which fails due to 'Attribute "User-Password" is required for
> authentication'
>
> Please fine log below
(7) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
(7) [mschap] = ok
...
(7) krb5: ERROR: Attribute "User-Password" is required for authentication
The client has negotiated MSCHAP authentication. You cannot do MSCHAP
authentication with Kerberos as a password oracle, because MSCHAP
doesn't send the cleartext password.
You need to restrict the authentication to PAP or GTC.
HTH,
Brian.
More information about the Freeradius-Users
mailing list