Problem ms-chapv2
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Feb 7 09:08:49 CET 2011
Hi,
> Hello.Please help me.I try to setup FreeRadius (FreeBSD 7.2-RELEASE
> amd64)to setup as proxy.Windows clients can`t connect this default
> settings in pppoe connection (on tab security enabled all auth protocols)
> server send 691 error.If i disable all protocols except mschapv1
> everything works fine without errors.
> Please tell me what I am doing wrong.All settings in the conf files by
> default, changed only proxy.conf and client.conf.
> I tried 2.1.10 ,2.1.9 versions.
in this case, FreeRADIUS is only doing what its told..... which its told by your
remote server to do - reject .
<cut>
> Mon Feb 7 10:28:40 2011 : Info: Proxy! ing request 65 to home server
> 172.20.192.19 port 1812
> Sending Acces s-Request of id 255 to 172.20.192.19 port 1812
<snip>
> rad_recv: Access-Reject packet from host 172.20.192.19 port 1812, id=255,
> length=43
> Reply-Message = "Authorization failed."
<cut>
okay.....so MSCHAPv2 etc are very fussy. my assumption here would be that
in your proxy.conf, for the 'moco' realm, you havent got 'nostrip' defined..
so user-name is getting altered. this really plays merry games with end
authentication systems that use that as part of the hashing etc. define
that realm as 'nostrip' and then you should see 'test-user at moco' being
sent off as User-Name to 172.20.192.19 and it will work.
alan
More information about the Freeradius-Users
mailing list