Re: FreeRadius2+daloRADIUS mschap problem: No Cleartext-Password configured
On 10.09.2010 at 16:18, Denis Iskandarov wrote:

[...]

> Also one newbie question about this mailing list: How should I answer on answers of my thread? Put Re:Re: in the beginning?

One "Re:" is enough. (If somebody really wants to see threads' hierarchies, he should use an email program that can display them.)

Have a nice day!

Nicolas Goutte

extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Managing director: Lars Busch
Register court: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius2+daloRADIUS mschap problem: No Cleartext-Password configured
Thanks to all of you! It worked!!!

I saw all the documentation on freeradius, different howtos and forum threads, but didn't see this option. Why didn't people write about this?

Also one newbie question about this mailing list: How should I answer on answers of my thread? Put Re:Re: in the beginning?
Re: FreeRadius2+daloRADIUS mschap problem: No Cleartext-Password configured
On 09/10/2010 09:18 AM, Denis Iskandarov wrote:

>> You have deleted the output which is needed to help you.
>>
>>> Found Auth-Type = MSCHAP
>>> +- entering group MS-CHAP {...}
>>> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
>>> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
>>
>> So... you haven't told the server what the "known good" password is
>> for the user. Go fix that.
>
> Sorry, I didn't understand you. Which good known password? I'm using
> daloRADIUS, and while creating the user I appended cleartext password :=
> to it:
> Here is output of radcheck table:
>
> mysql> select * from radcheck;
> +----+----------+--------------------+----+---------+
> | id | username | attribute          | op | value   |
> +----+----------+--------------------+----+---------+
> |  2 | ubnt123  | Cleartext-Password | := | ubnt321 |
> +----+----------+--------------------+----+---------+
>
> It's almost the same string as in the users text conf, but in mysql table form.
> Something changed while using sql. freeradius or mschap can't
> understand this field. Don't know why.
>
> Here is full debug output:

It doesn't look like you've got sql enabled in the inner tunnel (e.g. the virtual server invoked after a TLS session is established). Edit your config to enable sql in the inner-tunnel.

--
John Dennis
Re: FreeRadius2+daloRADIUS mschap problem: No Cleartext-Password configured
Denis Iskandarov wrote:

> Sorry, I didn't understand you. Which good known password? I'm using
> daloRADIUS, and while creating the user I appended cleartext password :=
> to it:
> Here is output of radcheck table:

Yes...

> It's almost the same string as in the users text conf, but in mysql table form.
> Something changed while using sql. freeradius or mschap can't
> understand this field. Don't know why.

It's in the debug output. You uncommented "sql" in raddb/sites-enabled/default, but *not* in raddb/sites-enabled/inner-tunnel

Alan DeKok.
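
A check for the condition pointed out in the reply above, as an added example that is not part of the original thread and not FreeRADIUS code: it reads virtual-server files and reports which servers do not call a given module in `authorize`. The two config strings are constructed samples, the function names are hypothetical, and treating an `authorize` section outside any `server {}` wrapper as the server named `default` is an assumption.

```python
import re

# Constructed sample files modelled on the thread: sql enabled in "default",
# still commented out in "inner-tunnel". Not the poster's actual configuration.
DEFAULT_SITE = """authorize {
    mschap
    eap {
        ok = return
    }
    sql
}
"""
INNER_TUNNEL = """server inner-tunnel {
authorize {
    mschap
#   sql
    pap
}
}
"""

def owner_of(stack, toplevel):
    """Virtual server owning the authorize block on top of `stack`, else None."""
    if stack == ["authorize"]:
        return toplevel  # assumption: bare section belongs to server `toplevel`
    m = re.fullmatch(r"server\s+(\S+)", stack[0]) if len(stack) == 2 else None
    return m.group(1) if m and stack[1] == "authorize" else None

def authorize_modules(text, toplevel="default"):
    """Map server name -> modules listed directly inside its authorize {}."""
    found, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # a commented-out module is disabled
        if not line:
            continue
        owner = owner_of(stack, toplevel)
        if owner is not None and line != "}":
            found[owner].append(line.split()[0])
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            if owner_of(stack, toplevel) is not None:
                found.setdefault(owner_of(stack, toplevel), [])
        elif line == "}" and stack:
            stack.pop()
    return found

def servers_missing(module, *texts):
    """Names of virtual servers whose authorize section does not call `module`."""
    merged = {k: v for t in texts for k, v in authorize_modules(t).items()}
    return sorted(s for s, mods in merged.items() if module not in mods)
```

Calling `servers_missing("sql", DEFAULT_SITE, INNER_TUNNEL)` names `inner-tunnel`, the server that handles the tunneled MS-CHAPv2 request and therefore never loads the user's `Cleartext-Password` from `radcheck`.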
Re: FreeRadius2+daloRADIUS mschap problem: No Cleartext-Password configured
> You have deleted the output which is needed to help you.
>
>> Found Auth-Type = MSCHAP
>> +- entering group MS-CHAP {...}
>> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
>> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
>
> So... you haven't told the server what the "known good" password is
> for the user. Go fix that.

Sorry, I didn't understand you. Which good known password? I'm using daloRADIUS, and while creating the user I appended cleartext password := to it:

Here is output of radcheck table:

mysql> select * from radcheck;
+----+----------+--------------------+----+---------+
| id | username | attribute          | op | value   |
+----+----------+--------------------+----+---------+
|  2 | ubnt123  | Cleartext-Password | := | ubnt321 |
+----+----------+--------------------+----+---------+

It's almost the same string as in the users text conf, but in mysql table form. Something changed while using sql. freeradius or mschap can't understand this field. Don't know why.

Here is full debug output:

FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
Re: FreeRadius2+daloRADIUS mschap problem: No Cleartext-Password configured
Denis Iskandarov wrote:

> used for 802.1x EAP-TLS and EAP-TTLS (maybe for peap in future as
> well) with Ubiquiti and Mikrotik network equipment
>
> setup works perfectly without sql with text conf files.
> when creating user in sql getting next error:
> (Output omitted)

You have deleted the output which is needed to help you.

> Found Auth-Type = MSCHAP
> +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.

So... you haven't told the server what the "known good" password is for the user. Go fix that.

Alan DeKok.
FreeRadius2+daloRADIUS mschap problem: No Cleartext-Password configured
My setup:

CentOS 5.5 x32
freeradius2-2.1.7-7.el5
mysql-5.0.77-4.el5_5.3
daloRADIUS 0.9-8 SVN (0.9.-9)

Used for 802.1x EAP-TLS and EAP-TTLS (maybe for peap in future as well) with Ubiquiti and Mikrotik network equipment.

The setup works perfectly without sql, with text conf files. When creating a user in sql I get the following error:

(Output omitted)
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for ubnt123 with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect: [ubnt123] (from client ubnt port 0 via TLS tunnel)
} # server inner-tunnel
[ttls] Got tunneled reply code 3
MS-CHAP-Error = "\223E=691 R=1"
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [ubnt123] (from client ubnt port 0 cli 00-15-6D-5A-4F-5E)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> ubnt123
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds

I found some topics regarding this same error in different setups, but nothing helped me to solve this problem.

Please help. Thanks in advance.