EAP-PEAP + Windows 7 with SSO and Password change
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 13 12:19:37 CEST 2012
On 13/06/12 10:44, Alan DeKok wrote:
> CD DD wrote:
>> i changed the source src/modules/rlm_mschap/rlm_mschap.c, recompiled and re-installed it.
>>
>> But it still not working.
>> Why the passchange part will not handled ?
> ...
>> (8) mschap : expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=e3426708aea6af13c9ba6ca1af31212f460cd1a834482660
>> Exec-Program output: Must change password (0xc0000224)
>> Exec-Program-Wait: plaintext: Must change password (0xc0000224)
>> Exec-Program: returned: 1
>> (8) mschap : ntlm_auth says password must change
>> (8) [mschap] = reject
>> rlm_eap_mschapv2: No MS-CHAPv2-Success or MS-CHAP-Error was found.
>
> That's the problem. Find out why the rlm_mschap module is *not*
> setting MS-CHAP-Error. From reading the code, it should be doing that.
>
> Unfortunately, figuring that out will take C debugging skills.
src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c:
about line 741, maybe this:
pairmove2(&response, &handler->request->reply->vps,
PW_MSCHAP_ERROR, 0);
...should be:
pairmove2(&response, &handler->request->reply->vps,
PW_MSCHAP_ERROR, VENDORSPEC_MICROSOFT);
?
I don't understand though; I tested this as working, so
Unfortunately my testbed is no longer assembled :o(
More information about the Freeradius-Users
mailing list