• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

FreeRADIUS 3.x package NTLM problem

Scheduled Pinned Locked Moved pfSense Packages
13 Posts 6 Posters 4.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    Gerard64
    last edited by Oct 17, 2017, 4:19 PM Oct 17, 2017, 4:07 PM

    FreeRADIUS 3.x package NTLM problem since upgrade to PFS 2.4.
    Before I used Freeradius 2. Since PFS 2.4 doesn't have Freeradius 2 package anymore I tried Freeradius 3.

    OpenVPN and Captive portal both work with Freeradius 3 but wpa2-eap does not work anymore. I have 2 sites both same problem

    The error i'm seeing is:
    Oct 13 13:23:27    radiusd    48737    (38) Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [SomeUsername] (from client AP2 port 0 via TLS tunnel)
    Oct 13 13:23:20    radiusd    48737    (30) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [anonymous] (from client AP3 port 0 cli F0-D7-AA-xx-xx-xx)

    The last line has to do with the first one obviously.
    I don't know how to go forward other then turning back to PFS 2.3.4 with Freeradius 2, which I did, and wpa-eap is working again.

    1 Reply Last reply Reply Quote 0
    • G
      Gerard64
      last edited by Nov 2, 2017, 1:31 AM

      Tonight I upgraded to pfS 2.3.5. Again forced to use Freeradius 3 where I before used Freeradius 2 in 2.3.4 and again the same problem as with pfS 2.4:

      Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [Username/<via auth-type="eap">] (from client AP2 port 0 via TLS tunnel)

      Tomorrow re-install pfS 2.3.4 again  :(</via>

      1 Reply Last reply Reply Quote 0
      • G
        Gerard64
        last edited by Nov 12, 2017, 8:42 PM Nov 6, 2017, 1:01 AM

        I would realy like to upgrade to 2.4.
        I'm not the only one with this problem:

        https://forum.pfsense.org/index.php?topic=131883.msg737459#msg737459

        How can I fix this?
        I have no clou what to do other then staying on pfS 2.3.4.

        1 Reply Last reply Reply Quote 0
        • A
          Aeular
          last edited by Nov 29, 2017, 9:45 PM

          I didn't use 2.0, so can't say this is it for sure, but when setting up 3, I ran into that issue.  I found I had to store passwords as cleartext for it to work, not MD5.  Thats on the 2.4 line though. Hopefully that helps you

          1 Reply Last reply Reply Quote 0
          • G
            Gerard64
            last edited by Nov 29, 2017, 9:59 PM

            I use NT-Password for most users I also have a test user with Cleartext-Password set. No difference they generate the same error message, I don't use md5. The 2 sites I have are in use I can't use them to test and/or try things. I have no other choice then to stay on pfSense 2.3 with Freeradius 2 for the time being. At the moment I have no idea how to figure this out.

            Thank you for responding.

            1 Reply Last reply Reply Quote 0
            • G
              Gerard64
              last edited by Feb 8, 2018, 9:38 PM

              Since I couldn't fix the above problem I have setup a external freeradius 2 server so I can uninstall freeradius from pfsense system. To be able to upgrade to the latest pfsense version.
              Now I want to uninstall Freeradius 2 from pfSense 2.3.4 but it isn't showing in the installed packages list. How do I uninstall Freeradius wen it is not showing in the packages manager?
              I don't want any left over packages files etc of freeradius wen i'm going to upgrade pfSense.

              1 Reply Last reply Reply Quote 0
              • G
                Gertjan
                last edited by Feb 9, 2018, 5:39 PM

                @Gé:

                ….
                I don't want any left over packages files etc of freeradius wen i'm going to upgrade pfSense.

                Hi,
                Throw out all references to Freeradius in the config.xml

                Then, do a clean install using 2.4.x - import your config, and done.
                (10 minutes max).

                Clean system guaranteed.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • G
                  Gerard64
                  last edited by Feb 9, 2018, 6:31 PM

                  Okay great advice, thanks!

                  1 Reply Last reply Reply Quote 0
                  • J
                    jimp Rebel Alliance Developer Netgate
                    last edited by Feb 19, 2018, 8:17 PM

                    Try again on with FreeRADIUS 3.x package version 0.15.5, this should be fixed now.

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • G
                      Gerard64
                      last edited by Mar 4, 2018, 12:05 AM Feb 25, 2018, 12:40 AM

                      Today I upgraded to pfSense 2.4.2-1. I didn't want to install Freeeradius anymore in pfSense since it didn't work anymore for me. But then you posted the problem should be fixed in the latest version. Today I tested it but sadly it is still the same.

                      I will keep the Freeradius 3 setup on pfSense for testing new package versions in the future.
                      Till it is fixed I'm using my other Freeradius 2.

                      1 Reply Last reply Reply Quote 0
                      • Z
                        Zizi
                        last edited by Apr 10, 2018, 1:34 PM

                        Hi,
                        today I've set up freeradius3 for WPA-EAP, an it is working, but only with "clear text passwords".
                        If I change it to "MD5 Password", I get error "mschap: FAILED: No NT/LM-Password. Cannot perform authentication"

                        Is there any way to use non clear text password storage with working WPA-EAP?

                        1 Reply Last reply Reply Quote 0
                        • G
                          Gerard64
                          last edited by Apr 16, 2018, 2:28 AM

                          Hi Zizi,

                          I have a freeradius 3 in pfsense and a external freeradius 2 in a vps. The last one works with plain password ánd nthash paswd's.
                          I have a test user with a plain passwd this is not working in fact non of my users can login wen i use the pfsense radius 3 server package. If i use the external freeradius 2 server i installed in a virtual debian system all users work 100% nthash and plan text password are no difference then. I have even md5 test users that do work also.

                          I keep the FR3 package on pfsense on hand so I can test it if and wen there are updates in the hope one day it will work again.

                          1 Reply Last reply Reply Quote 0
                          • A
                            antilog
                            last edited by Apr 22, 2018, 3:54 PM

                            @Zizi:

                            Hi,
                            today I've set up freeradius3 for WPA-EAP, an it is working, but only with "clear text passwords".
                            If I change it to "MD5 Password", I get error "mschap: FAILED: No NT/LM-Password. Cannot perform authentication"

                            Is there any way to use non clear text password storage with working WPA-EAP?

                            Same here.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                              [[user:consent.lead]]
                              [[user:consent.not_received]]