pfSense Gold Subscription

Author Topic: FreeRADIUS 3.x package NTLM problem  (Read 353 times)

0 Members and 1 Guest are viewing this topic.

Offline

  • Full Member
  • ***
  • Posts: 102
  • Karma: +4/-0
    • View Profile
FreeRADIUS 3.x package NTLM problem
« on: October 17, 2017, 11:07:08 am »
FreeRADIUS 3.x package NTLM problem since upgrade to PFS 2.4.
Before I used Freeradius 2. Since PFS 2.4 doesn't have Freeradius 2 package anymore I tried Freeradius 3.

OpenVPN and Captive portal both work with Freeradius 3 but wpa2-eap does not work anymore. I have 2 sites both same problem

The error i'm seeing is:
Oct 13 13:23:27    radiusd    48737    (38) Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [SomeUsername] (from client AP2 port 0 via TLS tunnel)
Oct 13 13:23:20    radiusd    48737    (30) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [anonymous] (from client AP3 port 0 cli F0-D7-AA-xx-xx-xx)

The last line has to do with the first one obviously.
I don't know how to go forward other then turning back to PFS 2.3.4 with Freeradius 2, which I did, and wpa-eap is working again.
« Last Edit: October 17, 2017, 11:19:24 am by Gé »
SUPERMICRO X7SPA-H-D525 Mini-itx, Intel Atom D525 Dual core 1.8ghz 64bit, Dual Intel 82574L Gigabit LAN ports, 4GB 800mhz ram, 30GB 2.5" SSD

Offline

  • Full Member
  • ***
  • Posts: 102
  • Karma: +4/-0
    • View Profile
Re: FreeRADIUS 3.x package NTLM problem
« Reply #1 on: November 01, 2017, 08:31:58 pm »
Tonight I upgraded to pfS 2.3.5. Again forced to use Freeradius 3 where I before used Freeradius 2 in 2.3.4 and again the same problem as with pfS 2.4:

Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [Username/<via Auth-Type = eap>] (from client AP2 port 0 via TLS tunnel)

Tomorrow re-install pfS 2.3.4 again  :(
SUPERMICRO X7SPA-H-D525 Mini-itx, Intel Atom D525 Dual core 1.8ghz 64bit, Dual Intel 82574L Gigabit LAN ports, 4GB 800mhz ram, 30GB 2.5" SSD

Offline

  • Full Member
  • ***
  • Posts: 102
  • Karma: +4/-0
    • View Profile
Re: FreeRADIUS 3.x package NTLM problem
« Reply #2 on: November 05, 2017, 07:01:11 pm »
I would realy like to upgrade to 2.4.
I'm not the only one with this problem:

https://forum.pfsense.org/index.php?topic=131883.msg737459#msg737459

How can I fix this?
I have no clou what to do other then staying on pfS 2.3.4.
« Last Edit: November 12, 2017, 02:42:21 pm by Gé »
SUPERMICRO X7SPA-H-D525 Mini-itx, Intel Atom D525 Dual core 1.8ghz 64bit, Dual Intel 82574L Gigabit LAN ports, 4GB 800mhz ram, 30GB 2.5" SSD

Offline Aeular

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: FreeRADIUS 3.x package NTLM problem
« Reply #3 on: November 29, 2017, 03:45:39 pm »
I didn't use 2.0, so can't say this is it for sure, but when setting up 3, I ran into that issue.  I found I had to store passwords as cleartext for it to work, not MD5.  Thats on the 2.4 line though. Hopefully that helps you

Offline

  • Full Member
  • ***
  • Posts: 102
  • Karma: +4/-0
    • View Profile
Re: FreeRADIUS 3.x package NTLM problem
« Reply #4 on: November 29, 2017, 03:59:39 pm »
I use NT-Password for most users I also have a test user with Cleartext-Password set. No difference they generate the same error message, I don't use md5. The 2 sites I have are in use I can't use them to test and/or try things. I have no other choice then to stay on pfSense 2.3 with Freeradius 2 for the time being. At the moment I have no idea how to figure this out.

Thank you for responding.
SUPERMICRO X7SPA-H-D525 Mini-itx, Intel Atom D525 Dual core 1.8ghz 64bit, Dual Intel 82574L Gigabit LAN ports, 4GB 800mhz ram, 30GB 2.5" SSD