Häng bitte mal
/etc/freeradius/sites-available/inner-tunnel
und
/etc/freeradius/eap.conf an, damit ich die mal vergleichen kann.
Scheinbar versucht er per NTLM zu authentifizieren und das schlägt bei mschap einfach fehl…
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: ba
[mschap] Told to do MS-CHAPv2 for ba with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject#
Gegen LDAP klappt die AUTH aber:
[ldap] userPassword -> Password-With-Header == "{SSHA}k34tVPH7w2Q9PkhPWJYvQQW64fAyTGFvQWhGSWZ1ajZGWG82bndLdzBvNlUzYXdmS3k1Wg=="
[ldap] sambaNtPassword -> NT-Password == 0x3230363135433634303636393632354132364537443741463943454132434442
[ldap] sambaLmPassword -> LM-Password == 0x4632453138363245303531433143394641414433423433354235313430344545
[ldap] looking for reply items in directory...
[ldap] user ba authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Viele Grüße
Hendrik