MSCHAP Issues

J Kephart jkephart at safetynetaccess.com
Mon Jul 29 17:23:01 CEST 2019


On 7/27/19 1:03 PM, Sven Hartge wrote:
> On 27.07.19 01:20, Alan DeKok wrote:
>
>>    I suspect what's happening is that SQL contains the user name as "54:72:4F:69:14:B1", and not as "54-72-4F-69-14-B1'".
>

Sven and Alan,

Yes, we're using MACs in a lab scenario to test what the client is 
reporting.  What's strange about this is that FR reports that no 
cleartest-password can be found, yet  when we run the radcheck query 
from the debug output, we get the following:

SELECT id, username, attribute, value, op FROM radcheck WHERE username = 
'54-72-4F-69-14-B1' ORDER BY id;
+-------+-------------------+--------------------+-------------------+----+
| id    | username          | attribute          | value             | op |
+-------+-------------------+--------------------+-------------------+----+
| 13758 | 54-72-4F-69-14-B1 | Cleartext-Password | 54-72-4F-69-14-B1 | := |
+-------+-------------------+--------------------+-------------------+----+

As you can see, the password is there, as is the username, in hyphenated 
form.  We do no manipulation of the username at all, simply accepting 
what we receive.

So, if we can run the query and get the expected results, why is FR 
giving us the error?  Or, what are we doing wrong on the DB side? In my 
company, our radius team is a team of one -- me -- and I am truly trying 
the learn and understand as I much as I can, so I can fix this, and be 
able to recognize and diagnose any future recurrences.

I thank you both for your time.
-- Jim





More information about the Freeradius-Users mailing list