I forgot a couple of lines to the debugging I want to add. It almost seems like to me that Radius isn't getting the password from the client.
----- Original Message ----- From: "Eric Bourkland" <eric.bourkl...@trustedconcepts.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Friday, August 14, 2009 9:40:08 AM GMT -05:00 US/Canada Eastern Subject: Authentication with mschap Need some help pointing me in the right direction. I think I know what the problem is but I don't know where to look. I think the problem is my freeRadius server and openLDAP server are not talking perfectly. I am trying to do MS-chapv2 authentication so that windows machines can connect to out access point without having to install additional software. One of the glaring things that jumps out at me is that in the logs/debugging it says message-Authenticator = 0x000000... It looks like it is trying the correct authentication ... No Cleartext-Password configured. Cannot create LM-Password No Cleartext-Password configured. Cannot create NT-Password Told to do MS-CHAPv2 for test.user with NT-Password FAILED: No NT/LM-Password. Cannot perform authentication. FAILED: MS-CHAP2-Response is incorrect. ... and then error message peap got tunnel reply code3 MS-CHAP-Error = "\007E=691 R=1" Okay that message is pretty clear to me, but I do have an NT-Password in sambaNTPassword and is populate/stored in NT hash format and there is a maping in ldap.attrmap checkItem NT-Password sambaNtPassword I haven't done anything funky with the config files like setting Authe-Type = to anything I've read enough that it is a big no no. The only thing I've done is uncomment a few things so that it will use ldap. And everything works when I use radtest so I know my connection to my ldap server is okay but radtest is using a different protocol as I've been learning through this whole experience. If anyone can point me in the right direction I would greatly appreciate it. Thanks, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
