OpenLDAP+FreeRadius Encryption

Greg Mischel Smith gregms at
Tue Feb 2 22:06:03 CET 2016

On Tue, Feb 2, 2016 at 11:28 AM, Alan DeKok <aland at> wrote:
>> (7)   eap_mschapv2 :  Auth-Type MS-CHAP {
>> (7)    WARNING: mschap : No Cleartext-Password configured.  Cannot
>> create LM-Password
>> (7)    WARNING: mschap : No Cleartext-Password configured.  Cannot
>> create NT-Password
>> (7)    mschap : Creating challenge hash with username: testuser
>> (7)    mschap : Client is using MS-CHAPv2
>> (7)    ERROR: mschap : FAILED: No NT/LM-Password.  Cannot perform authentication
>   It's not like the server is TELLING YOU what's going wrong.
>   Did you try configuring a Cleartext-Password for the user?

I'm sorry if I caused confusion, but getting this to work in
plain/clear-text has never been an issue. Yes I've done plenty of
radtest, I've read lots and lots of threads, but I was still having
trouble and had specific questions so I came here.

My desire is to use encrypted passwords in OpenLDAP and somehow make
this work. GTC seems to be the only option but Android and Mac (in
particular) keep trying to choose mschapv2. From the thread so far, I
was getting the impression I should be able to make it work so that's
what I was trying. Maybe I misunderstood, but I thought what was being
said was to just set the default in the eap file in the PEAP section
to GTC. But if I do an encrypted or unencrypted password, it tries
mschapv2 first (despite the default in eap being set to GTC). Am what
I'm doing practical and possible?

More information about the Freeradius-Users mailing list