Il 20/01/2012 11:55, Phil Mayers ha scritto:
If that's really all you've changed, there must be something wrong with Samba; it's getting the final crypto blob wrong, and the client is dropping the packets. You'll need to investigate and fix this. Just tested with radtest (have had to use single quotes and FOUR backslashes! -- my password is obviously in $P): # radtest -t mschap 'PERSONALE\\\\diego.zuccato' "$P" localhost 0 testing123 Sending Access-Request of id 123 to 127.0.0.1 port 1812 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 MS-CHAP-Challenge = 0x7f218889d9de0c84 MS-CHAP-Response = 0x000100000000000000000000000000000000000000000000000015ea491108aa02bb34b5fe79918a67cd8a7b069240091194 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=123, length=84 MS-CHAP-MPPE-Keys = 0x00000000000000003b1acd0b65d7af221df50f6ca50447cf0000000000000000 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006
And the Access-Accept is quite fast. When using eapol_test, I get the timeout. The difference is that radtest seems to use mschapv1 while eapol_test uses mschapv2. What could be so wrong that v1 works and v2 doesn't? IIUC v2 includes username and client nonce in the authenticator, while v1 doesn't. BYtE, Diego.