On Jan 19, 2020, at 9:29 PM, Lang, Russell <Russell.Lang@team.telstra.com> wrote:
Using radtest -t mschap valid-user@domain invalid_password 127.0.0.1 0 radius_secret replied with MS-CHAP-Error = "\000E=691 R=1 C=ad8367a70f809d72 V=2" My reading of the MS-CHAP-V2 RFC2759 and PPP CHAP RFC1994 is that this should have been MS-CHAP-Error = "E=691 R=1 C=ad8367a70f809d72 V=2"
RFC 1994 Section 4 states that the packet format contains a one-octet identifier. In this case, the leading "\000". RFC 2433 and 2579 say that the Failure packet is identical in formation to the normal CHAP message format. i.e. with the identifier. Further, FreeRADIUS interoperates with all MS-CHAP implementations, which add the 1-octet identifier, and which look for it. Alan DeKok.