Need help with EAP-MSCHAPv2 config

Yongqiang He thehyq at gmail.com
Mon Feb 10 23:29:31 CET 2020 

Hi,

I am new to freeradius and hope someone here can help me with my setup.
Thanks a lot!

Here is what i got when running radiusd with -X option:
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "testing", looking up realm NULL
(8) suffix: No such realm "NULL"
(8)     [suffix] = noop
(8) eap: Peer sent EAP Response (code 2) ID 2 length 66
(8) eap: No EAP Start, assuming it's an on-going EAP conversation
(8)     [eap] = updated
(8)   } # authorize = updated
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/raddb/sites-enabled/default
(8)   authenticate {
(8) eap: Expiring EAP session with state 0x065c081f075e1207
(8) eap: Finished EAP session with state 0x065c081f075e1207
(8) eap: Previous EAP request found for state 0x065c081f075e1207, released
from the list
(8) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(8) eap: Calling submodule eap_mschapv2 to process data
(8) eap_mschapv2: # Executing group from file
/etc/raddb/sites-enabled/default
(8) eap_mschapv2:   authenticate {
(8) mschap: WARNING: No Cleartext-Password configured.  Cannot create
NT-Password
(8) mschap: Creating challenge hash with username: testing
(8) mschap: Client is using MS-CHAPv2
(8) mschap: ERROR: FAILED: No NT/LM-Password.  Cannot perform authentication
(8) mschap: ERROR: MS-CHAP2-Response is incorrect
(8) eap_mschapv2:     [mschap] = reject
(8) eap_mschapv2:   } # authenticate = reject
(8) eap: Sending EAP Failure (code 4) ID 2 length 4
(8) eap: Freeing handler
(8)     [eap] = reject
(8)   } # authenticate = reject
(8) Failed to authenticate the user

If i run: radtest -t mschap ..., everything seems fine and it output 'Received
Access-Accept'. I guess its because the radtest is running with mschap, and
my client above is using mschapv2. I can't figure out what config i should
do with mschapv2.

The radius is running with mysql. user and password are insert to with
sql: INSERT
INTO `radcheck` VALUES
(2,'testing','Cleartext-Password',':=','testuser_mypass');


Thanks a lot!

More information about the Freeradius-Users mailing list