Configuring MSCHAP to use attributes from PASSWD

lingctam lingctam at hku.hk
Mon Jan 25 12:08:48 CET 2021


Dear all,

Could you please direct me to the correct way to configure the MSCHAP module to use the User-Name and Clear-Text Passwords from the PASSWD file?

I have added the expansion under authenticate in the following way:

Auth-Type MS-CHAP {
                %{mschap:"User-Name"}
}

But I haven't been able to resolve the following error in the debug log:

(9)   Found Auth-Type = EAP
(9)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(9)     authenticate {
(9) eap: Expiring EAP session with state 0x4c7ec85a4c96d246
(9) eap: Finished EAP session with state 0x4c7ec85a4c96d246
(9) eap: Previous EAP request found for state 0x4c7ec85a4c96d246, released from the list
(9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(9) eap: Calling submodule eap_mschapv2 to process data
(9) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(9) eap_mschapv2:   Auth-Type MS-CHAP {
(9) mschap: WARNING: No Cleartext-Password configured.  Cannot create NT-Password
(9) mschap: WARNING: No Cleartext-Password configured.  Cannot create LM-Password
(9) mschap: Creating challenge hash with username: test
(9) mschap: Client is using MS-CHAPv2
(9) mschap: ERROR: FAILED: No NT/LM-Password.  Cannot perform authentication
(9) mschap: ERROR: MS-CHAP2-Response is incorrect
(9)     [mschap] = reject
(9)   } # Auth-Type MS-CHAP = reject
(9) eap: Sending EAP Failure (code 4) ID 232 length 4
(9) eap: Freeing handler
(9)       [eap] = reject
(9)     } # authenticate = reject
(9)   Failed to authenticate the user

Any help would be appreciated.

Thanks.


More information about the Freeradius-Users mailing list