I cannot authenticate my Windows Laptop using MS-CHAPv2 and Freeradius.
This is the error message I get:
(7) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(7) eap_mschapv2: authenticate {
(7) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(7) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
(7) mschap: Creating challenge hash with username: maksim
(7) mschap: Client is using MS-CHAPv2
(7) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
(7) mschap: ERROR: MS-CHAP2-Response is incorrect
(7) [mschap] = reject
(7) } # authenticate = reject
(7) eap: Sending EAP Failure (code 4) ID 8 length 4
(7) eap: Freeing handler
(7) [eap] = reject
(7) } # authenticate = reject
(7) Failed to authenticate the user
(7) Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [maksim] (from client dlink port 0 via TLS tunnel)
It says that I don't have Cleartext-Password configured, but I don't agree:
MariaDB [radius]> select * from radcheck;
+----+----------+--------------------+----+----------+
| id | username | attribute | op | value |
+----+----------+--------------------+----+----------+
| 9 | maksim | User-Password | := | 1q2w3e4r |
| 8 | maksim | Cleartext-Password | := | 1q2w3e4r |
| 10 | maksim | Auth-Type | := | MS-CHAP |
| 11 | maksim | CHAP-Password | := | 1q2w3e4r |
| 12 | maksim | NT-Password | := | 1q2w3e4r |
+----+----------+--------------------+----+----------+
5 rows in set (0.00 sec)
Solved by changing
driver = "rlm_sql_null"
to
driver = "rlm_sql_mysql"
in
/etc/raddb/mods-enabled/sql