FreeRADIUS 3.x package NTLM problem
-
FreeRADIUS 3.x package NTLM problem since upgrade to PFS 2.4.
Before I used Freeradius 2. Since PFS 2.4 doesn't have Freeradius 2 package anymore I tried Freeradius 3.OpenVPN and Captive portal both work with Freeradius 3 but wpa2-eap does not work anymore. I have 2 sites both same problem
The error i'm seeing is:
Oct 13 13:23:27 radiusd 48737 (38) Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [SomeUsername] (from client AP2 port 0 via TLS tunnel)
Oct 13 13:23:20 radiusd 48737 (30) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [anonymous] (from client AP3 port 0 cli F0-D7-AA-xx-xx-xx)The last line has to do with the first one obviously.
I don't know how to go forward other then turning back to PFS 2.3.4 with Freeradius 2, which I did, and wpa-eap is working again. -
Tonight I upgraded to pfS 2.3.5. Again forced to use Freeradius 3 where I before used Freeradius 2 in 2.3.4 and again the same problem as with pfS 2.4:
Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [Username/<via auth-type="eap">] (from client AP2 port 0 via TLS tunnel)
Tomorrow re-install pfS 2.3.4 again :(</via>
-
I would realy like to upgrade to 2.4.
I'm not the only one with this problem:https://forum.pfsense.org/index.php?topic=131883.msg737459#msg737459
How can I fix this?
I have no clou what to do other then staying on pfS 2.3.4. -
I didn't use 2.0, so can't say this is it for sure, but when setting up 3, I ran into that issue. I found I had to store passwords as cleartext for it to work, not MD5. Thats on the 2.4 line though. Hopefully that helps you
-
I use NT-Password for most users I also have a test user with Cleartext-Password set. No difference they generate the same error message, I don't use md5. The 2 sites I have are in use I can't use them to test and/or try things. I have no other choice then to stay on pfSense 2.3 with Freeradius 2 for the time being. At the moment I have no idea how to figure this out.
Thank you for responding.
-
Since I couldn't fix the above problem I have setup a external freeradius 2 server so I can uninstall freeradius from pfsense system. To be able to upgrade to the latest pfsense version.
Now I want to uninstall Freeradius 2 from pfSense 2.3.4 but it isn't showing in the installed packages list. How do I uninstall Freeradius wen it is not showing in the packages manager?
I don't want any left over packages files etc of freeradius wen i'm going to upgrade pfSense. -
@Gé:
….
I don't want any left over packages files etc of freeradius wen i'm going to upgrade pfSense.Hi,
Throw out all references to Freeradius in the config.xmlThen, do a clean install using 2.4.x - import your config, and done.
(10 minutes max).Clean system guaranteed.
-
Okay great advice, thanks!
-
Try again on with FreeRADIUS 3.x package version 0.15.5, this should be fixed now.
-
Today I upgraded to pfSense 2.4.2-1. I didn't want to install Freeeradius anymore in pfSense since it didn't work anymore for me. But then you posted the problem should be fixed in the latest version. Today I tested it but sadly it is still the same.
I will keep the Freeradius 3 setup on pfSense for testing new package versions in the future.
Till it is fixed I'm using my other Freeradius 2. -
Hi,
today I've set up freeradius3 for WPA-EAP, an it is working, but only with "clear text passwords".
If I change it to "MD5 Password", I get error "mschap: FAILED: No NT/LM-Password. Cannot perform authentication"Is there any way to use non clear text password storage with working WPA-EAP?
-
Hi Zizi,
I have a freeradius 3 in pfsense and a external freeradius 2 in a vps. The last one works with plain password ánd nthash paswd's.
I have a test user with a plain passwd this is not working in fact non of my users can login wen i use the pfsense radius 3 server package. If i use the external freeradius 2 server i installed in a virtual debian system all users work 100% nthash and plan text password are no difference then. I have even md5 test users that do work also.I keep the FR3 package on pfsense on hand so I can test it if and wen there are updates in the hope one day it will work again.
-
Hi,
today I've set up freeradius3 for WPA-EAP, an it is working, but only with "clear text passwords".
If I change it to "MD5 Password", I get error "mschap: FAILED: No NT/LM-Password. Cannot perform authentication"Is there any way to use non clear text password storage with working WPA-EAP?
Same here.
