>Below is the whole output. >I have two questions: 1. Is this correct because I kinda think this is the >problem. --> peap { > default_eap_type = "mschapv2" > copy_request_to_tunnel = yes > use_tunneled_reply = yes > proxy_tunneled_request_as_eap = yes > } > >2. How can I tell what MSCHAPv2 didn't like about the previous packet? I >still believe it is a password styled issue. I have tried NT hash, >cleartext, etc. nothing works. > >Any help would be greatly appriecated! Thanks. > > >Starting - reading configuration files ... >including configuration file /usr/local/etc/raddb/radiusd.conf >including configuration file /usr/local/etc/raddb/proxy.conf >including configuration file /usr/local/etc/raddb/clients.conf >including configuration file /usr/local/etc/raddb/snmp.conf >including configuration file /usr/local/etc/raddb/eap.conf >including configuration file /usr/local/etc/raddb/sql.conf >including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf >including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf >including configuration file /usr/local/etc/raddb/policy.conf >including files in directory /usr/local/etc/raddb/sites-enabled/ >including configuration file /usr/local/etc/raddb/sites-enabled/default >including dictionary file /usr/local/etc/raddb/dictionary
Something is not right here. What version is this? Inner-tunnel virtual server is missing both in configuration and in peap section. And that's where mschap should be processed. set_auth_type in ldap should also be set to no in your case. Don't provide User-Password (it only creates problems; Cleartext-Password should be used), NT-Password is enough. As a general point, I don't see Cleartext-Password in default ldap.attrmap (2.0.5). Perhaps mapping should be added? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html