After upgrade to ClearPass 6.5 we are interested in method EAP-PWD.
We have tested this method with Freeradisus 3.0 without problems.
May be there are a problem in ClearPass 6.5 with the format (NThash, PasswordHashHash) of the password atrribute?
Any suggestions to solve the problem?
Thanks in advance,
Toni Pérez
-------------------------------------------------------------------------
Our Problem:
-------------------------------------------------------------------------
We have tested local users and LDAP users with the same problem in Access Tracker:
- EAP-PWD: User-Password not available
EAP-PWD: Cannot retrieve User Password
Analyzing logs in debug mode for a local user:
- DEBUG RadiusServer.Radius - rlm_sql (auth_local_db): User toniperez found
INFO RadiusServer.Radius - rlm_sql: found user toniperez in Local:localhost
DEBUG RadiusServer.Radius - rlm_eap: processing type pwd instance EAP PWD]
DEBUG RadiusServer.Radius - The request contains following persistent config items
DEBUG RadiusServer.Radius - Crypt-Password = <REMOVED>
DEBUG RadiusServer.Radius - NT-Password = <REMOVED>
DEBUG RadiusServer.Radius - Persisted-User-Name = "toniperez"
DEBUG RadiusServer.Radius - Authentication-Source = "Local:localhost"
DEBUG RadiusServer.Radius - rlm_eap_pwd: eap_pwd_authenticate peer id - toniperez
DEBUG RadiusServer.Radius - rlm_eap_pwd: request user name toniperez, peer id toniperez
DEBUG RadiusServer.Radius - Crypt-Password = <REMOVED>
DEBUG RadiusServer.Radius - NT-Password = <REMOVED>
DEBUG RadiusServer.Radius - Persisted-User-Name = "toniperez"
DEBUG RadiusServer.Radius - Authentication-Source = "Local:localhost"
DEBUG RadiusServer.Radius - Authentication-Source-Name = "Local User Repository]"
DEBUG RadiusServer.Radius - Authentication-EAP-Method = "pwd"
ERROR RadiusServer.Radius - failed to find password for toniperez to do pwd authentication
Analyzing logs in debug mode for an LDAP user with NT-Hash attribute:
- DEBUG RadiusServer.Radius - rlm_ldap: Retrieved NT-Password
INFO RadiusServer.Radius - rlm_ldap: found user abc123 in Ldap:ldap.domain.com
DEBUG RadiusServer.Radius - Persisted-User-Name = "abc123"
DEBUG RadiusServer.Radius - NT-Password = <REMOVED>
DEBUG RadiusServer.Radius - Authentication-EAP-Method = "pwd"
ERROR RadiusServer.Radius - failed to find password for abc123 to do pwd authentication