Windows 7 prompting several times

jaimeventura jaimeventura at
Mon Apr 2 17:08:33 CEST 2012

I've been following the this tread for quite a while.
I also had this problem of windows 7 prompting for credential several times
without showning any error message.
The problem was gone once i updated 2.1.10(debian) to 2.1.12.
Now, if the user enters wrong credentials, windows prompts for credentials
again with a message stating that the user credentials are invalid. The
problem is that if the user now types the correct credential, the access
will still be denied. After the third retry, windows gives up on asking and
the user must click on the wireless network icon, to start the login process

As Alan said, this seemed like windows was caching the bad credentials.
But, the logs states a different message. After the first "access denied",
each retry comes with a "rlm_eap_mschapv2:Unexpected response received".
Im not saying there's a freeradius fault, it can be windows fault or just
windows not following the RFC(wouldnt be the first time).

I've also looked at the code, to try to figure out what was happening.
At rlm_eap_mschapv2.c (line 444):
		if (data->code != PW_EAP_MSCHAPV2_CHALLENGE) {
			radlog(L_ERR, "rlm_eap_mschapv2: Unexpected response received");
			return 0;

the if clause is reached having data->code = PW_EAP_MSCHAPV2_FAILURE.

Aparently windows is sending a EAP-Response/MSCHAP_Failure where it should
send a EAP-Failure/MSCHAP_Failure (to acknowlage the previous sent
EAP-Request/Failure, acording to RFC 'Appendix A - Examples') 
Should send a EAP-Response/MSCHAP_Response since it is actually retrying the

One possibility is that the new "send_error" option is missleading windows.
According to  RFC 'Appendix A - Examples', a "retry" flag in order to tell
windows to try again.

Since my knowledge of the freeradius souce code is very basic, i couldnt
figure out exactly if this is happening.


View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list