Radius 3 EAP (PEAP) mschapv2 connection problem

[Alan DeKok]

On Jun 3, 2020, at 6:27 AM, Anatoly Oreshkin <anatoly.oreshkin at gmail.com> wrote:
> 
> I was for several years successfully using Radius 2 with authentication
> types EAP (PEAP) mschapv2. Now I've upgraded to Radius 3 with the same
> authentication.
> From laptop under MS Windows 10 I' trying to connect to WiFi network through
> Access Points (AP). After some time I've managed to connect wifi network.
> Then I've disconnected intentionally from network and attempted once more
> connect to network but  this time failed to connect.
> Radius debug log is very big, so I provide
> extract from Radius debug log  below.
> From debug log I see that laptop is eventually authenticated through AP
> 192.168.14.241 but going through many  unsuccessful steps.
> The line
> Login OK: [oreshkin] (from client 3com9150 port 0 cli 30-E3-7A-D5-61-F0)
> shows that.
> 
> Why is it required so many steps to  successfully connect ?
> Some errors in radius configuration ?
> 
> Second attempt to connect after disconnection is failed. Why ?

  Read the debug log.

(72) mschap: WARNING: No Cleartext-Password configured.  Cannot create
NT-Password
(72) mschap: WARNING: No Cleartext-Password configured.  Cannot create
LM-Password

  Why is there no password?  I have no idea.  You deleted all of the debug output from packet (72) which shows where the password came from.  Which also mans we don't know *why* the password lookup failed.

  Please follow the instructions on https://wiki.freeradius.org/list-help

  There is no need to post debug output from an authentication session which succeeds.  It doesn't help.  Post the debug output for a session which fails.  *ALL* of the debug output.

  Editing the debug output is like taking your car to a mechanic and saying "something's wrong, but I'm not going to tell you what.  You have to figure it out and fix it"

  Alan DeKok.