Client is using MSCHAPv2 for %s, we need NT-Password

Matthew Berry matthew.william.berry at gmail.com
Sat Jun 14 04:53:59 CEST 2014


Alan DeKok <aland at deployingradius.com> wrote:
>   The message should be clear.  What part is hard to understand?  See also:
>
> http://deployingradius.com/documents/protocols/compatibility.html

I checked out the link provided (and the source code) and I still take
issue with the message. It says it needs the NT-Password but doesn't
clearly indicate if it has an NT-Password. Clearly if it needs one but
it doesn't have one that's a problem. However if it needs one and it
has what it needs, well that's just a nice informative message. When I
read "we need NT-Password" I read that as "we need NT-Password in
order to operate but are missing one", this of course is subjective
others might read it the other way. The question is, why bother
mentioning it at all in that case? I need air to breathe. I have
plenty of air though, so it's not a big deal. It's safe to assume I
have air unless I say otherwise. If I told you I need air, you'd
(hopefully) become concerned for my well being.

>
>   Then it's the cause of the reject, isn't it?
>

Turns out it wasn't, there was a mismatch in the passwords. Sometimes
you spend so much time looking at the tiny details you miss the
obvious. After I put the correct password in everything was fine.

-Matt


More information about the Freeradius-Users mailing list