eap-mschapv2 and radius.log

[Scott Armitage]

On 6 Dec 2012, at 14:07, Scott Armitage <S.P.Armitage at lboro.ac.uk> wrote:

> 
> On 6 Dec 2012, at 11:33, Scott Armitage <S.P.Armitage at lboro.ac.uk>
> wrote:
> 
>> All,
>> 
>> I have noticed a behaviour in the logging and I'm not sure if it is misconfiguration on my part, misunderstanding of the expected behaviour or a bug.  If I attempt to log in  using EAP-MSCHAPv2 inside of an eap method (e.g. PEAP/EAP-MSCHAPv2) I see "Login OK:" for the outer EAP regardless of the result of the inner EAP. e.g:
>> 
>> Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel)
>> Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel)
>> Thu Dec  6 11:10:56 2012 : Auth: Login OK: [anonymous at lboro.ac.uk] (from client pepsi port 0 cli 02-00-00-00-00-01)
>> 
>> This means if I have a user with a bad password I get the following in the log:
>> 
>> Thu Dec  6 11:21:37 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel)
>> 
>> As the mschap module is waiting for the user to re-enter their password eventual it times out.  Therefore this is the only entry in the log.  Which is somewhat confusing, as it has actually failed but the only log entry is "Login OK".
>> 
>> Has anyone else noticed this behaviour?  or have I configured something wrong?
>> 
>> Regards
>> 
>> Scott Armitage-
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 
> Sorry forgot to say. I notice this with both FreeRADIUS Version 2.2.0 and 3.0


ignore this, I was just being dumb.  I had enabled SoH and the first OK is the SoH.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121206/60d7355e/attachment.pgp>