Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Nicolas Goutte


On 10.09.2010 at 16:18, Denis Iskandarov wrote:

[...]

> Also one newbie question about this mailing list: How should I answer
> on answers of my thread? Put Re:Re: in the beginning?

One "Re:" is enough.

(If somebody really wants to see threads' hierarchies, he should use an
email program that can display them.)



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Have a nice day!

Nicolas Goutte




Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Denis Iskandarov
Thanks to all of you!
It worked!!!
I saw all the documentation on freeradius, different howtos and forum
threads, but didn't see this option.
Why didn't people write about this?

Also one newbie question about this mailing list: How should I answer
on answers of my thread? Put Re:Re: in the beginning?


Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread John Dennis

On 09/10/2010 09:18 AM, Denis Iskandarov wrote:

>>   You have deleted the output which is needed to help you.
>>
>>> Found Auth-Type = MSCHAP
>>> +- entering group MS-CHAP {...}
>>> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
>>> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
>>
>>   So... you haven't told the server what the "known good" password is
>> for the user.  Go fix that.
>
> Sorry, I didn't understand you. Which good known password? I'm using
> daloRADIUS. And while creating user I appended cleartext password :=
> to it:
> Here is output of radcheck table:
>
> mysql> select * from radcheck;
> +----+----------+--------------------+----+---------+
> | id | username | attribute          | op | value   |
> +----+----------+--------------------+----+---------+
> |  2 | ubnt123  | Cleartext-Password | := | ubnt321 |
> +----+----------+--------------------+----+---------+
>
> It's almost same string as in users text conf, but in mysql table form.
> Something changed while using sql. freeradius or mschap can't
> understand this field. Don't know why.
> Here is full debug output:


It doesn't look like you've got sql enabled in the inner tunnel (e.g. 
the virtual server invoked after a TLS session is established). Edit 
your config to enable sql in the inner-tunnel.


--
John Dennis 



Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Alan DeKok
Denis Iskandarov wrote:
> Sorry, I didn't understand you. Which good known password? I'm using
> daloRADIUS. And while creating user I appended cleartext password :=
> to it:
> Here is output of radcheck table:

  Yes...

> It's almost same string as in users text conf, but in mysql table form.
> Something changed while using sql. freeradius or mschap can't
> understand this field. Don't know why.

  It's in the debug output.  You uncommented "sql" in
raddb/sites-enabled/default, but *not* in raddb/sites-enabled/inner-tunnel

  Alan DeKok.
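
Added example (not part of the original thread, and not FreeRADIUS project code): a small Python check for the misconfiguration diagnosed above, where "sql" is active in the authorize section of sites-enabled/default but still commented out in sites-enabled/inner-tunnel, so the tunneled MS-CHAP request never sees the Cleartext-Password row. The two config snippets are constructed samples, and active_modules and sites_missing are hypothetical helper names.

```python
import re

# Unlang keywords that can appear at the top of a section but are not modules.
KEYWORDS = {"if", "elsif", "else", "update", "switch", "case"}

def active_modules(config_text, section="authorize"):
    """Return the uncommented module names listed directly inside `section`."""
    modules, depth, inside = [], 0, False
    for raw in config_text.splitlines():
        # Naive comment stripping: a "#" inside a quoted string is not handled.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not inside:
            if re.fullmatch(re.escape(section) + r"\s*\{", line):
                inside, depth = True, 1
            continue
        if line == "}":
            depth -= 1
            if depth == 0:
                break          # end of the section we were asked about
            continue
        name = re.match(r"[-\w.]+", line)
        if depth == 1 and name and name.group(0) not in KEYWORDS:
            modules.append(name.group(0))
        if line.endswith("{"):
            depth += 1         # e.g. "eap {" opens a nested block
    return modules

def sites_missing(module, sites):
    """Names of virtual servers whose authorize section does not run `module`."""
    return [name for name, text in sites.items()
            if module not in active_modules(text)]

# Constructed samples modelled on the thread: sql active in default,
# still commented out in inner-tunnel.
DEFAULT_SITE = "authorize {\n  preprocess\n  mschap\n  eap {\n    ok = return\n  }\n  sql\n  pap\n}\n"
INNER_TUNNEL = ("server inner-tunnel {\nauthorize {\n  mschap\n  eap {\n"
                "    ok = return\n  }\n  files\n#  sql\n  pap\n}\n}\n")

if __name__ == "__main__":
    sites = {"default": DEFAULT_SITE, "inner-tunnel": INNER_TUNNEL}
    print("sql not active in:", sites_missing("sql", sites))
```

To run it against a real installation, read the two files under raddb/sites-enabled/ into the dictionary instead of the constructed strings.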


Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Denis Iskandarov
>  You have deleted the output which is needed to help you.
>
>> Found Auth-Type = MSCHAP
>> +- entering group MS-CHAP {...}
>> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
>> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
>
>  So... you haven't told the server what the "known good" password is
> for the user.  Go fix that.

Sorry, I didn't understand you. Which good known password? I'm using
daloRADIUS. And while creating user I appended cleartext password :=
to it:
Here is output of radcheck table:

mysql> select * from radcheck;
+----+----------+--------------------+----+---------+
| id | username | attribute          | op | value   |
+----+----------+--------------------+----+---------+
|  2 | ubnt123  | Cleartext-Password | := | ubnt321 |
+----+----------+--------------------+----+---------+

It's almost same string as in users text conf, but in mysql table form.
Something changed while using sql. freeradius or mschap can't
understand this field. Don't know why.
Here is full debug output:

FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar
31 2010 at 00:25:31
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
   prefix = "/usr"
   localstatedir = "/var"
   logdir = "/var/log/radius"
   libdir = "/usr/lib/freeradius"
   radacctdir = "/var/log/radius/radacct"
   hostname_lookups = no
   max_request_time = 30
   cleanup_delay = 5
   max_requests = 1024
   allow_core_dumps = no
   pidfile = "/var/run/radiusd/radiusd.pid"
   checkrad = "/usr/sbin/checkrad"
   debug_level = 0
   proxy_requests = yes
 log {
   stripped_names 

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Alan DeKok
Denis Iskandarov wrote:
> used for 802.1x EAP-TLS and EAP-TTLS (maybe for peap in future as
> well) with Ubiquiti and Mikrotik network equipment
> 
> setup works perfectly without sql with text conf files.
> when creating user in sql getting next error:
> (Output omitted)

  You have deleted the output which is needed to help you.

> Found Auth-Type = MSCHAP
> +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.

  So... you haven't told the server what the "known good" password is
for the user.  Go fix that.

  Alan DeKok.


FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Denis Iskandarov
My setup:
CentOS 5.5 x32
freeradius2-2.1.7-7.el5
mysql-5.0.77-4.el5_5.3
daloRADIUS 0.9-8 SVN (0.9.-9)

used for 802.1x EAP-TLS and EAP-TTLS (maybe for peap in future as
well) with Ubiquiti and Mikrotik network equipment

setup works perfectly without sql with text conf files.
when creating user in sql getting next error:
(Output omitted)

Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for ubnt123 with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect: [ubnt123] (from client ubnt port 0 via TLS tunnel)
} # server inner-tunnel
[ttls] Got tunneled reply code 3
MS-CHAP-Error = "\223E=691 R=1"
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [ubnt123] (from client ubnt port 0 cli 00-15-6D-5A-4F-5E)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> ubnt123
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds

I found some topics regarding this same error in different setups
but nothing helped me to solve this problem.
Please help.
Thanks in advance.
