Hi, > Could not authenticate user Username%Password with plaintext password > challenge/response password authentication succeeded
thats okay. means you couldnt do PAP and only MSCHAPv2 worked. expected for that command. > In this Step, i must edit the following line with this text in the file: > /etc/freeradius/modules/mschap > > ntlm_auth = "/path/to/ntlm_auth --request-nt-key > --username=%{mschap:User-Name:-None} > --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} > --challenge=%{mschap:Challenge:-00} > --nt-response=%{mschap:NT-Response:-00}" > > But my default commented ntml_auth looks like this: > > ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key > --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} > --challenge=%{%{mschap:Challenge}:-00} > --nt-response=%{%{mschap:NT-Response}:-00}" the docs and default values have seperated over time. > In my default ntlm_auth, the option > "--domain=%{%{mschap:NT-Domain}:-MYDOMAIN}" is missing. Should i add it? depends on what you want to do and need to do. do you TRUST your clients to be sending the correct domain? I dont...so I've set the domain manually. > $ radtest -t mschap bob hello localhost 0 testing123 > First Line: > bob Cleartext-Password := "hello" whats the users file got to do with anything? if you have clashing usernames you will have a few problems. i expect you are trying to test your AD? the radtest failed due to incorrect password.. ie the AD is not bob/hello I'd recommend using 'eapol_test' for better/advanced testing - its part of the wpa_supplicant package. > @Mathieu > Is there a current RADIUS-book that you can recommend? "FreeRADIUS for beginners" is a good current book alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html