How to Integrate NAS MSCHAP x FreeRadius
Nathan Ward
lists+freeradius at daork.net
Thu Jul 15 01:05:31 CEST 2021
> On 15/07/2021, at 9:40 AM, Paulo Roberto Tomasi <pztomasi at gmail.com> wrote:
>
> (0) pap: WARNING: No "known good" password found for the user. Not setting
> Auth-Type
> (0) pap: WARNING: Authentication will fail unless a "known good" password
> is available
>
> (0) mschap: WARNING: No Cleartext-Password configured. Cannot create
> NT-Password
> (0) mschap: WARNING: No Cleartext-Password configured. Cannot create
> LM-Password
>
> (0) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
> (0) mschap: ERROR: MS-CHAP2-Response is incorrect
>
> #
>
> What do those lines want to say?
>
> I didn't find any hints after hours searching
I searched Google for "mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password” and got 187 results with that exact string.
This was the second hit:
http://lists.freeradius.org/pipermail/freeradius-users/2015-October/080244.html
See also: http://deployingradius.com/documents/protocols/compatibility.html
You’ve left out almost the entire debug for this packet so it’s difficult to know what you have configured exactly - but in short MSCHAP isn’t going to work with AD when using LDAP to do the integration, per the above mailing list thread.
--
Nathan Ward
More information about the Freeradius-Users
mailing list