Security

When I use clearpass as a Radius server, and Windows AD / LDAP as an authentication source,then I encounter authentication issues.（no difference between using server 2008 and server 2003) I have attached some screenshots of the Clearpass.

错误代码: 216

错误类别: Authentication failure

错误消息: User authentication failed

此请求的警报 RADIUS  MSCHAP: Authentication failed

2014-03-31 18:00:45,219 [RequestHandler-1-0x7f3274762700 r=psauto-1396229786-275 h=79 r=R00000000-01-53393ccd] INFO Core.ServiceReqHandler - Service classification result = sylar-dot1x

2014-03-31 18:00:45,226 [Th 1 Req 0 SessId R00000000-01-53393ccd] WARN RadiusServer.Radius - win2008-ldap - 172.16.30.185: Password Attribute "userPassword" not available.

2014-03-31 18:00:45,227 [Th 1 Req 0 SessId R00000000-01-53393ccd] ERROR RadiusServer.Radius - rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.

2014-03-31 18:00:45,227 [Th 1 Req 0 SessId R00000000-01-53393ccd] ERROR RadiusServer.Radius - rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.

2014-03-31 18:00:45,228 [Th 1 Req 0 SessId R00000000-01-53393ccd] ERROR RadiusServer.Radius - rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Any help is much appreciated!

It's hard to tell from the screenshots; are you using an Active Directory authentication source or Generic LDAP?

Yes, of course I use AD/LDAP as an authentication source!

Which one are you using though? There is an Active Directory source and a Generic LDAP source. You should be using the Active Directory source.

If I choose Active Dictionary, it works fine. But  I want to use Generic LDAP? Can that work?

May I ask why? 

MS-CHAPv2 will only work with the Active Directory preset.

I'm doing test. Does that mean I can use Active Dictionary as LDAP Server with PAP authentcation protocol?