Erik Sellgren wrote: > I am trying to setup wireless authentication through my mikrotik router > using freeradius with mysql and daloradius. I have the server setup and > working, I can use NTradtest from my pc and I get Access-Accept messages > in return with my cleartext user/password, username userclear password > clear. But when I set it all up and try to access the wireless with the > same credentials it is an access-reject. See below > > # Executing group from file /etc/raddb/sites-enabled/inner-tunnel > +- entering group MS-CHAP {...} > [mschap] No Cleartext-Password configured. Cannot create LM-Password. > [mschap] No Cleartext-Password configured. Cannot create NT-Password. > [mschap] Creating challenge hash with username: userclear > [mschap] Told to do MS-CHAPv2 for userclear with NT-Password > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. > [mschap] FAILED: MS-CHAP2-Response is incorrect > ++[mschap] returns reject > Failed to authenticate the user. > > After reading the top of inner-tunnel I used the test they said to use : > radtest USER PASSWORD 127.0.0.1:18120 0 testing123
It also says to try MSCHAP. Or at least recent versions say this. > When I use my user it fails, when I use the test user "user" and "pass" > it succeeds. So do I have my innertunnel setup wrong or something? I > have sql uncommented in /etc/raddb/sites-available/inner-tunnel > > Please let me know what info you need and I can supply it, please help > me debug this issue. You've conveniently deleted nearly all of the debug output. This isn't useful. From what little is there, it seems you're forcing Auth-Type to MSCHAP. This is wrong. See the FAQ. Instead (as the output shows) you need to supply a Cleartext-Password, and then let FreeRADIUS figure out which authentication method to use. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html