so mschap is working again, but now radius stops processing at sending the access-challenge to the accesspoint. it should not be a certificate problem, since the error is happening with all devices (win, mac, mobiles,..). proxy requests to another radius are working fine.<div>
<br></div><div>andy ideas?</div><div><br></div><div>i am running on freeradius self compiled under centos5</div><div><br></div><div>update: after a reboot it is working again... any ideas what could have caused the problem? reboot is not a solution if it happens again.</div>
<div><br></div><div>-euro<br><div><br></div><div><div>[mschap] adding MS-CHAPv2 MPPE keys</div><div>++[mschap] returns ok</div><div>MSCHAP Success </div><div>++[eap] returns handled</div><div>} # server eduroam-inner-tunnel</div>
<div>[peap] Got tunneled reply code 11</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x010b00331a030a002e533d46313235324136433543373437413137363637363739333345314443413030444330393842343436</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x34d7bc0635dca66007f66a576398301e</div>
<div>[peap] Got tunneled reply RADIUS code 11</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x010b00331a030a002e533d46313235324136433543373437413137363637363739333345314443413030444330393842343436</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x34d7bc0635dca66007f66a576398301e</div>
<div>[peap] Got tunneled Access-Challenge</div><div>++[eap] returns handled</div><div>} # server eduroam</div><div>Sending Access-Challenge of id 74 to 10.80.10.150 port 1645</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x010b005b190017030100505394731e4048fe963007422bc8845a6901f4d04aa5c7f8e3c1bfc8b90a673a8bcde0455548fdfa1613eccb28d130d26caee4ca2fa7780f7f1f6df04625ee7ba950b11c3e610052763cc6cadcf803d7c9</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x193fdf6a1034c6d4fb779767b11c2fbf</div>
<div>Finished request 9.</div><div>Going to the next request</div><div>Waking up in 1.0 seconds.</div><div>Cleaning up request 0 ID 65 with timestamp +7</div><div><br></div><div><br><br><div class="gmail_quote">On Wed, Apr 7, 2010 at 9:31 AM, mr typo <span dir="ltr"><<a href="mailto:euroregistrar@gmail.com">euroregistrar@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><span style="font-family:arial, sans-serif;font-size:13px;border-collapse:collapse">hello,<div><br></div><div>i have added the with_nt_domain_hack in the mschapv2 section of eap.conf</div>
<div><br></div><div><div>mschapv2 {</div><div> with_ntdomain_hack = yes</div><div> }</div></div><div><br></div><div><br></div><div>with this change i am getting the following in debug log:</div>
<div><div class="im"><div>[eap] processing type mschapv2</div><div>[mschapv2] +- entering group MS-CHAP {...}</div></div><div>[mschap] Told to do MS-CHAPv2 for <a href="mailto:asartori@fh-salzburg.ac.at" style="color:rgb(195, 57, 11)" target="_blank">asartori@fh-salzburg.ac.at</a> with NT-Password</div>
<div>[mschap] <span style="white-space:pre"> </span>expand: --username=%{Stripped-User-Name} -> --username=asartori</div><div>[mschap] mschap2: f9</div><div>[mschap] <span style="white-space:pre"> </span>expand: --challenge=%{mschap:Challenge} -> --challenge=f06598f7d3c7a32d</div>
<div>[mschap] <span style="white-space:pre"> </span>expand: --nt-response=%{mschap:NT-Response} -> --nt-response=eee56e2489411d6d778ab1a40cee629b6abce82769c1c1d1</div><div>Exec-Program output: NT_KEY: 3395EA4C15F1E2CE98AB55D36DE5DFBB </div>
<div>Exec-Program-Wait: plaintext: NT_KEY: 3395EA4C15F1E2CE98AB55D36DE5DFBB </div><div>Exec-Program: returned: 0</div><div>[mschap] adding MS-CHAPv2 MPPE keys</div><div>++[mschap] returns ok</div><div>MSCHAP Success </div>
<div>++[eap] returns handled</div></div><div><br></div><div>but i never receive a access-accept. from my understanding it should work?</div><div><br></div><div>the complete debug log is at: <a href="https://overlord.fh-salzburg.ac.at/~asartori/debug.txt" style="color:rgb(195, 57, 11)" target="_blank">https://overlord.fh-salzburg.ac.at/~asartori/debug.txt</a></div>
<div><br></div><div>i hope someone can help!</div><div><br></div><div>kind regards</div><div><br></div><div>-euro</div></span><div><div></div><div class="h5"><br><div class="gmail_quote">On Tue, Apr 6, 2010 at 8:02 PM, mr typo <span dir="ltr"><<a href="mailto:euroregistrar@gmail.com" target="_blank">euroregistrar@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">ill try that. it is just strange that it worked until now..<div><br></div><div>in the module mschap i am doing a ntlm_auth request. that is how the authenticate sections looks like now.</div>
<div><br></div><div><div>authenticate {</div>
<div> Auth-Type MS-CHAP {</div><div> mschap</div><div> }</div><div> eap</div><div> }</div><div><br></div><div>so i configure ntlm_auth from the modules and put the directive ntlm_auth just before "Auth-Type MS-CHAP"?</div>
<div><br></div><div>ill try that tomorrow, right now i have no chance to test it out.</div><div><br></div><div>regards</div><div><br></div><div>-euro</div><div><div></div><div><br><div class="gmail_quote">On Tue, Apr 6, 2010 at 5:20 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>mr typo wrote:<br>
> [mschap] Told to do MS-CHAPv2 for <a href="mailto:asartori@fh-salzburg.ac.at" target="_blank">asartori@fh-salzburg.ac.at</a><br>
</div>> <mailto:<a href="mailto:asartori@fh-salzburg.ac.at" target="_blank">asartori@fh-salzburg.ac.at</a>> with NT-Password<br>
<div>> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.<br>
<br>
</div> You forced MS-CHAP (i.e. non-ntlm_auth) authentication in FreeRADIUS.<br>
Fix that.<br>
<font color="#888888"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></blockquote></div><br></div></div></div>
</blockquote></div><br>
</div></div></blockquote></div><br></div></div></div>