On 1/13/10 5:06 PM, Alan DeKok wrote: > Lech Karol Pawłaszek wrote: >> Right now I'm deploying (yes. at this particular moment!) IPsec/L2TP VPN >> which will be utilizing RADIUS via ppp connection. And for PAP it works >> nice. However MSCHAP doesn't want to work. I'm kinda lost because EAP >> connection uses MSCHAP(v2) as well and this one works flawlessly. >> >> ;-) Am I missing something? I believe it should work. Or it cannot? >> >> I've attached FreeRADIUS' logfile. Any pointers/hints much appreciated. > > The Access-Request doesn't contain any MS-CHAP attributes. The server > cannot do MS-CHAP.
Thanks! I don't know how I've missed that. The problem was with radiusclient-ng's dictionary.microsoft file. For the reference there is a nice howto on the poptop page: http://poptop.sourceforge.net/dox/skwok/poptop_ads_howto_8.htm Now IPsec/L2TP works with RADIUS (using MS-CHAPv2), which is connected to a LDAP, which stores users' passwords in NT/LM hashes. Great success. ;-) Thanks again Alan for the awesome FreeRADIUS. Kind regards, -- Lech Karol Pawłaszek <ike> "You will never see me fall from grace" [KoRn] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html