Thanks for the response, David. Now, I have solved the problem locally by putting an attribute in the ldap.attrmap, but then another problem appears through the wireless network: MSCHAPv2 fails.
Here is the debug:

rad_recv: Access-Request packet from host 10.96.100.205 port 3474, id=0, length=141
        User-Name = "kgalmarez"
        NAS-IP-Address = 10.96.100.205
        Called-Station-Id = "0014bf8abbc5"
        Calling-Station-Id = "002682a0ed7d"
        NAS-Identifier = "0014bf8abbc5"
        NAS-Port = 48
        Framed-MTU = 1400
        State = 0xad0c602caf0879e361d2fc32a03924cb
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020400061900
        Message-Authenticator = 0x1a992ae101dc19bed2e015caf2bbeb6a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kgalmarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 10.96.100.205 port 3474
        EAP-Message = 0x0105009e19006f0fd8a5dc5276fa83706f679780f3e60b36f5b3489d5551b7dc0590f2ddf6959d4ba9550b38329c20dce0ab3182205608a19b3d2964953695b467af4cd29ade6a679b18dfa5492a4286fe5b2a13c12d8305450e32b2441a68b97f9701655d60ad7d399f3b693b9562b3353d3bd5d730cab42857c0e5edb72fde0d9b70eeb03dd0afd787e1ceede01810d2c9e83bdc16030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xad0c602cae0979e361d2fc32a03924cb
Finished request 26.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.96.100.205 port 3476, id=0, length=473
        User-Name = "kgalmarez"
        NAS-IP-Address = 10.96.100.205
        Called-Station-Id = "0014bf8abbc5"
        Calling-Station-Id = "002682a0ed7d"
        NAS-Identifier = "0014bf8abbc5"
        NAS-Port = 48
        Framed-MTU = 1400
        State = 0xad0c602cae0979e361d2fc32a03924cb
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020501501980000001461603010106100001020100c542f62acfbd366e8405d3adff312ebd94735bf3ac304ad3d77181e4c4b0bf44d9be0535950cbaf69c37070037d4d133dc89c0380dc5316ffc95990b89ece6edae37e693b36394f8b2083dfc51ed6c2299bd79d12f6092575821119d33adde80ab4ef139676595fbc92634f37fdcff35aeffa0c74679911a2da24a69d8072e5c579c3e54013399a1234e73ea4d46abc6d9ef9f244a6b71156299361fa64df7e35a3294a06ea27ef2994bd4c92a48d1c2bab9e93b0d2013d031870c916565ea72ab93ea251c8b0a7866e20f784d606e8ad1e1166304fe1bc6e6a5314b0e985faa24aa65282a8c8e40
        EAP-Message = 0x9b50d5596b8eb762b310f7f4eff103bd4fd97a3befdafea71403010001011603010030a680505c090eb82a07d19dc8803018fcd9f8267117d19d5b292f0c04f0cbcc9eaa3aba3957e5f79f3e79d380940620cf
        Message-Authenticator = 0x6037a94f2dacb582d4754d31502219ab
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kgalmarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 10.96.100.205 port 3476
        EAP-Message = 0x0106004119001403010001011603010030128464a588d53c8a4b6235b1e461217101864b8e71d1a5e83c6b3b7f7ea8f29b130286a84db48714e04005fb560fd728
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xad0c602ca90a79e361d2fc32a03924cb
Finished request 27.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.96.100.205 port 3478, id=0, length=141
        User-Name = "kgalmarez"
        NAS-IP-Address = 10.96.100.205
        Called-Station-Id = "0014bf8abbc5"
        Calling-Station-Id = "002682a0ed7d"
        NAS-Identifier = "0014bf8abbc5"
        NAS-Port = 48
        Framed-MTU = 1400
        State = 0xad0c602ca90a79e361d2fc32a03924cb
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020600061900
        Message-Authenticator = 0x9d8dfc736e1c22a4314d7aa160c5ea11
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kgalmarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 0 to 10.96.100.205 port 3478
        EAP-Message = 0x0107002b190017030100203f0b8da669b9347ac0886ca305a901f2a7bf50c2e3c5c0b5b95ab558820f1b7f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xad0c602ca80b79e361d2fc32a03924cb
Finished request 28.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.96.100.205 port 3480, id=0, length=178
        User-Name = "kgalmarez"
        NAS-IP-Address = 10.96.100.205
        Called-Station-Id = "0014bf8abbc5"
        Calling-Station-Id = "002682a0ed7d"
        NAS-Identifier = "0014bf8abbc5"
        NAS-Port = 48
        Framed-MTU = 1400
        State = 0xad0c602ca80b79e361d2fc32a03924cb
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0207002b19001703010020310fb390754a0699925dada77e3a377bde515be9847340533953d3b41a159a79
        Message-Authenticator = 0x7d16904deafc08a2e3947d16eb0d4c56
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kgalmarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - kgalmarez
[peap] Got tunneled request
        EAP-Message = 0x0207000e016b67616c6d6172657a
server {
PEAP: Got tunneled identity of kgalmarez
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to kgalmarez
Sending tunneled request
        EAP-Message = 0x0207000e016b67616c6d6172657a
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "kgalmarez"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "kgalmarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry kgalmarez at line 95
++[files] returns ok
[ldap] performing user authorization for kgalmarez
[ldap] expand: %{Stripped-User-Name} ->
[ldap] expand: %{User-Name} -> kgalmarez
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=kgalmarez)
[ldap] expand: dc=testldap1,dc=test,dc=corpoff -> dc=testldap1,dc=test,dc=corpoff
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=testldap1,dc=test,dc=corpoff, with filter (uid=kgalmarez)
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> User-Password == "{crypt}$1$3rOzYhpM$iBPcRQdUVkW4x6BxpUrNO0"
[ldap] looking for reply items in directory...
[ldap] user kgalmarez authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
        EAP-Message = 0x010800231a0108001e108c4aca055aec2ed994cff2e383755b8f6b67616c6d6172657a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2c1b34c32c132e7886182821520901eb
[peap] Got tunneled reply RADIUS code 11
        EAP-Message = 0x010800231a0108001e108c4aca055aec2ed994cff2e383755b8f6b67616c6d6172657a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2c1b34c32c132e7886182821520901eb
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 10.96.100.205 port 3480
        EAP-Message = 0x0108004b19001703010040c48fd3b6a88a8dc11aa312f383f04bbcbec5e0b2c3ef04cb84d396ec3ba3c4469d42b77a3a97fa3b3e886481fc23ab29413b348872a8d7bd9582d37947f1f3e9
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xad0c602cab0479e361d2fc32a03924cb
Finished request 29.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.96.100.205 port 3482, id=0, length=242
        User-Name = "kgalmarez"
        NAS-IP-Address = 10.96.100.205
        Called-Station-Id = "0014bf8abbc5"
        Calling-Station-Id = "002682a0ed7d"
        NAS-Identifier = "0014bf8abbc5"
        NAS-Port = 48
        Framed-MTU = 1400
        State = 0xad0c602cab0479e361d2fc32a03924cb
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0208006b190017030100600b6f5a0fda2fdc2779755ef1f3d92b36cd2e1f71e1f9183d9210c36a7e791f0810e1bb1f23ed4404a5660adc23bd51b0ca74401684d786fe42eb40e8717b6dd041ec15ac6d7f3c4c2929f8dbd11fc126f6775b4feb2e88d27ea9d802161b8e67
        Message-Authenticator = 0x85d69ad69206158d4d5f75154b71d6c6
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kgalmarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
        EAP-Message = 0x020800441a0208003f31151b7d14a7f10fbe1ffe01e50d3bfcf800000000000000007920079161e59ed5e4f0452a30a70e7f92fdeb49b9485b8c006b67616c6d6172657a
server {
PEAP: Setting User-Name to kgalmarez
Sending tunneled request
        EAP-Message = 0x020800441a0208003f31151b7d14a7f10fbe1ffe01e50d3bfcf800000000000000007920079161e59ed5e4f0452a30a70e7f92fdeb49b9485b8c006b67616c6d6172657a
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "kgalmarez"
        State = 0x2c1b34c32c132e7886182821520901eb
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "kgalmarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 68
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry kgalmarez at line 95
++[files] returns ok
[ldap] performing user authorization for kgalmarez
[ldap] expand: %{Stripped-User-Name} ->
[ldap] expand: %{User-Name} -> kgalmarez
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=kgalmarez)
[ldap] expand: dc=testldap1,dc=test,dc=corpoff -> dc=testldap1,dc=test,dc=corpoff
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=testldap1,dc=test,dc=corpoff, with filter (uid=kgalmarez)
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> User-Password == "{crypt}$1$3rOzYhpM$iBPcRQdUVkW4x6BxpUrNO0"
[ldap] looking for reply items in directory...
[ldap] user kgalmarez authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for kgalmarez with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
        MS-CHAP-Error = "\010E=691 R=1"
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\010E=691 R=1"
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 0 to 10.96.100.205 port 3482
        EAP-Message = 0x0109002b19001703010020e012cc0b3cad898588189afb15506efef9e3a869b363f0922ab0d48e1d770c1f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xad0c602caa0579e361d2fc32a03924cb
Finished request 30.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.96.100.205 port 3484, id=0, length=178
        User-Name = "kgalmarez"
        NAS-IP-Address = 10.96.100.205
        Called-Station-Id = "0014bf8abbc5"
        Calling-Station-Id = "002682a0ed7d"
        NAS-Identifier = "0014bf8abbc5"
        NAS-Port = 48
        Framed-MTU = 1400
        State = 0xad0c602caa0579e361d2fc32a03924cb
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0209002b190017030100205b5eadc70f2e71d647f1d2ae8df2d85c39a9eb30ab66d8cbb3ccaa2940132841
        Message-Authenticator = 0x261a660bb45a54fef98341b392f060f2
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kgalmarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> kgalmarez
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 31 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 31
Sending Access-Reject of id 0 to 10.96.100.205 port 3484
        EAP-Message = 0x04090004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 23 ID 0 with timestamp +766
Cleaning up request 24 ID 0 with timestamp +766
Cleaning up request 25 ID 0 with timestamp +766
Cleaning up request 26 ID 0 with timestamp +766
Cleaning up request 27 ID 0 with timestamp +766
Cleaning up request 28 ID 0 with timestamp +766
Cleaning up request 29 ID 0 with timestamp +766
Cleaning up request 30 ID 0 with timestamp +766
Waking up in 1.0 seconds.
Cleaning up request 31 ID 0 with timestamp +766
Ready to process requests.

Is there a way for me to solve the mschapv2 error?

--
View this message in context: http://old.nabble.com/Password-Encryption-tp29393526p29394307.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
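
Added example, not part of the original post or of FreeRADIUS: a Python triage of debug output like the above that pairs the stored credential form reported by rlm_ldap with the inner EAP method and the [mschap] failure lines. The names `triage`, `stored_form` and the sample excerpt are constructed here; the rule that an MS-CHAPv2 response can only be checked against a cleartext password or an NT hash is protocol knowledge assumed by the code, not something stated in the post.

```python
import re

# Constructed sample: a few lines excerpted from the debug output in the post.
SAMPLE_LOG = """\
[ldap] performing user authorization for kgalmarez
rlm_ldap: userPassword -> User-Password == "{crypt}$1$3rOzYhpM$iBPcRQdUVkW4x6BxpUrNO0"
[eap] processing type mschapv2
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[peap] Tunneled authentication was rejected.
"""

STORED = re.compile(r'rlm_ldap: \S+ -> (\S+) == "(.*)"')
EAP_TYPE = re.compile(r"\[eap\] processing type (\S+)")
MSCHAP_FAIL = re.compile(r"\[mschap\] FAILED: (.+)")

# Assumption (protocol knowledge, not from the post): only these stored
# forms let a server verify an MS-CHAPv2 response.
MSCHAP_USABLE = {"cleartext", "nt"}
BY_ATTR = {"Cleartext-Password": "cleartext", "NT-Password": "nt"}
ALIASES = {"clear": "cleartext", "nthash": "nt"}  # assumed header spellings


def stored_form(attr, value):
    """Classify a credential by its {scheme} header, else by attribute name."""
    header = re.match(r"\{([^}]+)\}", value)
    if header:
        scheme = header.group(1).lower()
        return ALIASES.get(scheme, scheme)
    return BY_ATTR.get(attr, "unknown")


def triage(log_text):
    """Return EAP methods, stored credential forms and mschap failures seen."""
    methods, forms, failures = set(), set(), []
    for line in log_text.splitlines():
        if m := STORED.search(line):
            forms.add(stored_form(*m.groups()))
        elif m := EAP_TYPE.search(line):
            methods.add(m.group(1))
        elif m := MSCHAP_FAIL.search(line):
            failures.append(m.group(1).strip())
    mismatch = "mschapv2" in methods and bool(forms) and not (forms & MSCHAP_USABLE)
    return {"methods": sorted(methods), "stored_forms": sorted(forms),
            "mschap_failures": failures, "mismatch": mismatch}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the excerpt, `mismatch` is true: the directory returns only a `{crypt}` value while the inner method is mschapv2, which matches the "No NT/LM-Password" failure in the log.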