Configuring MSCHAP to use attributes from PASSWD
lingctam
lingctam at hku.hk
Mon Jan 25 12:08:48 CET 2021
Dear all,
Could you please direct me to the correct way to configure the MSCHAP module to use the User-Name and Clear-Text Passwords from the PASSWD file?
I have added the expansion under authenticate in the following way:
Auth-Type MS-CHAP {
%{mschap:"User-Name"}
}
But I haven't been able to resolve the following error in the debug log:
(9) Found Auth-Type = EAP
(9) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(9) authenticate {
(9) eap: Expiring EAP session with state 0x4c7ec85a4c96d246
(9) eap: Finished EAP session with state 0x4c7ec85a4c96d246
(9) eap: Previous EAP request found for state 0x4c7ec85a4c96d246, released from the list
(9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(9) eap: Calling submodule eap_mschapv2 to process data
(9) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(9) eap_mschapv2: Auth-Type MS-CHAP {
(9) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(9) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
(9) mschap: Creating challenge hash with username: test
(9) mschap: Client is using MS-CHAPv2
(9) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
(9) mschap: ERROR: MS-CHAP2-Response is incorrect
(9) [mschap] = reject
(9) } # Auth-Type MS-CHAP = reject
(9) eap: Sending EAP Failure (code 4) ID 232 length 4
(9) eap: Freeing handler
(9) [eap] = reject
(9) } # authenticate = reject
(9) Failed to authenticate the user
Any help would be appreciated.
Thanks.
More information about the Freeradius-Users
mailing list