EAP-MSCHAPV2: Invalid authenticator response in success request
Upgrade Samba. If you're not using at least 3.2.1, upgrade to that.
http://jim.geezas.com/stuff/radius-debugging/ *-failure.log), the message authenticator does seem to be invalid,
No. eapol_test is saying that the MSCHAP response is invalid.
Has anyone seen this problem before, or am I looking in the wrong place?
Others have seen exactly the same thing in the past weeks. Upgrading Samba fixed it.
Alan DeKok. -
I've upgraded to the testing version of samba for FC9, 3.2.1 which unfortunately didn't resolve the issue - still getting the 'Invalid authenticator response in success request' problem. jim@florence:~$ /usr/sbin/winbindd -V Version 3.2.1-18.fc9 Is there a known good version of Samba, or could the problem lie elsewhere? I've included the server output from the MSCHAP module trying the authentication for reference. +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for jim2 with NT-Password expand: --username=%{mschap:User-Name:-None} -> --username=jim2 rlm_mschap: No NT-Domain was found in the User-Name. expand: --domain=%{mschap:NT-Domain:-CURRICULUM} -> --domain=CURRICULUM mschap2: ee expand: --challenge=%{mschap:Challenge:-00} -> --challenge=c48639cf15fbe669 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=0b4b18f4afaa63f4147e4250c8c907f3248ba67e7ee976a0 Exec-Program output: NT_KEY: 1847BA6C5854C261219362F18B4923E4 Exec-Program-Wait: plaintext: NT_KEY: 1847BA6C5854C261219362F18B4923E4 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010800331a0307002e533d39313431454342383036383441464346413533303131384242454445363435373037323941383039 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40622130416a3b8e9b04d3d502f1f161 PEAP: Processing from tunneled session code 0xa13a0d0 11 EAP-Message = 0x010800331a0307002e533d39313431454342383036383441464346413533303131384242454445363435373037323941383039 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40622130416a3b8e9b04d3d502f1f161 PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 7 to 127.0.0.1 port 35048 EAP-Message = 0x0108005b19001703010050a25e02bf01a7f7f6ca355df2cec89e3c2508b47b180497a05669336d0ac233f14b38ed612205594956295de1abbda4f5e4f8f03753d57524e01a42e5d29cabcf7996143335211d76065176783a7bb8ec Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5899ddd95f91c4e2ae146201bfc3a1be Finished request 7. Going to the next request Waking up in 4.8 seconds. Cleaning up request 0 ID 0 with timestamp +5 Cleaning up request 1 ID 1 with timestamp +5 Cleaning up request 2 ID 2 with timestamp +5 Cleaning up request 3 ID 3 with timestamp +5 Cleaning up request 4 ID 4 with timestamp +5 Cleaning up request 5 ID 5 with timestamp +5 Cleaning up request 6 ID 6 with timestamp +5 Cleaning up request 7 ID 7 with timestamp +5 Ready to process requests. Thanks, James