Isaac Boukris wrote:
Is there a 'known limitation' page which reflects behavior changes between version 2.x and 3.x?
Mostly in the ChangeLog.
I am asking as I spent many hours last weened to figure out why a given case was failing with v3.x while it succeeded with v2.x (latest git).
The case was with a proprietary NAS device authenticating via MSCHAP-2 protocol when the password contains a UTF-8 multi-byte character such as €, £, я, א, etc (locally with MYSQL back end - not via ntlm_auth).
Which is a good area for problems.
After lots of debugs (including dumping nt-hashes from windows server and testing with MS radius) it appears that v3.x was actually correct (the NT-hash matched what I was expecting).
Yes.
The reason the NAS worked only with v2.x was because it was doing the conversion as if the password was plain ASCII similar to the way it is done in FR v2.x: https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/src/modules/rlm_... Compare to FR v3: https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_...
Yes. The old code was wrong.
I tried to look up information on this difference in behavior but with no luck so maybe it could be nice to state such changes in behavior somewhere (even correct changes which aren't ported back).
Feel free to update the Wiki with a summary of the ChangeLong.
Apologize if this comment isn't appropriate.
Noting bugs is fine. But a community project depends on the *community* for work, too. The Wiki is there for a reason. I wish more people would update it. Alan DeKok.