I express myself very badly, sorry. The configuration I put in my first mail is the current configuration, running, after restart. The debug and commands output are from the current - reloaded - configuration. There's only 1 entry in the radcheck table, and it's current password is "blabla". The three error outputs are relative to the logs. This means that the three cases are different : old password => working (and should not at all) current password "blabla" => [mschap] Told to do MS-CHAPv1 with NT-Password \n [mschap] MS-CHAP-Response is incorrect. random string (not in the database) => [mschap] No Cleartext-Password configured. Cannot create LM-Password. (correct error) I don't understand how radius can still authenticate with the old password. An output of the users file and MySQL table is available in my first mail. I don't know where the old password can be still stored. Le 11/07/2011 13:04, Alan DeKok a écrit :
Bastien Semene wrote:
I'm currently - trying to - set up a radius server. The backend used is MySQL. I'm using FreeRADIUS 2.1.11 on FreeBSD 8
During my tests, for the same user I used "test" password, then "blabla" password. Now, I use "blabla" and it's not working. instead "test" is still working ... I tested with a third string ("ahaha") , there's a third error output... I have no idea what that means.
I tried restarting radiusd and the jail it's running into, this does changes nothing. All this commands/outputs are from the same running server (I mean no reboot).
How can this happen ? The server reads it's configuration files only when it starts. If you edit the configuration files, you will need to restart the server.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
If you think experts are expensive, wait to see what amateurs will cost you -- Bastien Semene Administrateur Réseau& Système
Cyanide Studio - FRANCE