OpenLDAP+FreeRadius Encryption

Alan DeKok aland at
Tue Feb 2 18:28:25 CET 2016

On Feb 2, 2016, at 12:11 PM, Greg Mischel Smith <gregms at> wrote:
> Any other default settings I
> should try?

  Tell the server what the "known good" password is for the user?
> (7)   eap_mschapv2 :  Auth-Type MS-CHAP {
> (7)    WARNING: mschap : No Cleartext-Password configured.  Cannot
> create LM-Password
> (7)    WARNING: mschap : No Cleartext-Password configured.  Cannot
> create NT-Password
> (7)    mschap : Creating challenge hash with username: testuser
> (7)    mschap : Client is using MS-CHAPv2
> (7)    ERROR: mschap : FAILED: No NT/LM-Password.  Cannot perform authentication

  It's not like the server is TELLING YOU what's going wrong.

  Did you try configuring a Cleartext-Password for the user?


  Then how do you expect the server to authenticate the user?

  Did you try READING the instructions at the top of raddb/sites-available/inner-tunnel?


  Then go do that.  If you can't get radtest to work as documented there, you won't be able to get PEAP to work.

  This is all documented.

  Alan Dekok.

More information about the Freeradius-Users mailing list