No... I don't have any of such definition .. However, I can see the following when Radius started ..
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password Clement -----Original Message----- From: freeradius-users-bounces+c.ogedengbe=worc.ac...@lists.freeradius.org [mailto:freeradius-users-bounces+c.ogedengbe=worc.ac...@lists.freeradius.org] On Behalf Of Nicolas Goutte Sent: 03 July 2009 12:33 To: FreeRadius users mailing list Subject: Re: ntlm_auth problem using EAP-TLS with MSCHAP authentication toLDAP server Am 03.07.2009 um 13:24 schrieb Clement Ogedengbe: > OK. I have done that, But still returned the error below! > > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/mschapv2 > [eap] processing type mschapv2 > [mschapv2] +- entering group MS-CHAP {...} > [mschap] No Cleartext-Password configured. Cannot create LM-Password. > [mschap] No Cleartext-Password configured. Cannot create NT-Password. > [mschap] Told to do MS-CHAPv2 for otha1_00 with NT-Password > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. > [mschap] FAILED: MS-CHAP2-Response is incorrect You have either Cleartext-Password or NT-Password defined in your LDAP database, haven't you? If not, see: http://deployingradius.com/documents/protocols/compatibility.html Have a nice day! > ++[mschap] returns reject > [eap] Freeing handler > ++[eap] returns reject > Failed to authenticate the user. > } # server inner-tunnel > [peap] Got tunneled reply code 3 > MS-CHAP-Error = "\010E=691 R=1" > EAP-Message = 0x04080004 > Message-Authenticator = 0x00000000000000000000000000000000 > [peap] Got tunneled reply RADIUS code 3 > MS-CHAP-Error = "\010E=691 R=1" > EAP-Message = 0x04080004 > Message-Authenticator = 0x00000000000000000000000000000000 > [peap] Tunneled authentication was rejected. > [peap] FAILURE > > Clement > > -----Original Message----- > From: freeradius-users-bounces+c.ogedengbe=worc.ac...@lists.freeradius.org > [mailto:freeradius-users-bounces+c.ogedengbe=worc.ac...@lists.freeradius.org > ] > On Behalf Of Ivan Kalik > Sent: 03 July 2009 12:17 > To: FreeRadius users mailing list > Subject: Re: ntlm_auth problem using EAP-TLS with MSCHAP > authentication to > LDAP server > >> The user/password information are held in the LDAP server. I have >> been >> able >> to authenticate successfully with packets coming from non-EAP >> clients. >> But >> for EAP authentication clients, I have been receiving the following >> error >> lines. (I am using ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key >> --username=%{Stripped-User-Name:-%{User-Name:-None}} >> --challenge=%{mschap:Challenge:-00} to call the LDAP server. > > ntlm_auth is for Active Directory. Comment out ntlm_auth line in > maschap > module and it will work as long as you have clear or nt hashed > password > stored in ldap. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html