ntlm_auth is not used by mschap

robiwan at arcor.de robiwan at arcor.de
Thu May 4 07:46:09 CEST 2006 

You send a packet that does not contain any MS-CHAP attributes. Because of 
that, the server is not doing MS-CHAP:

>   modcall[authorize]: module "mschap" returns noop for request 0

As this line tells you.

Send a MS-CHAP request, and look what happens then.

Stefan

Hi ,

Now i send a mschap request (EAP/PEAP with WindowsXP) and that is the output of my radiusd:

rad_recv: Access-Request packet from host 10.187.0.15:1645, id=229, length=137
        NAS-IP-Address = 10.187.0.15
        NAS-Port = 50103
        NAS-Port-Type = Ethernet
        User-Name = "WINLAB\\roka"
        Called-Station-Id = "00-14-69-5B-8B-03"
        Calling-Station-Id = "00-0B-5D-84-AE-CA"
        Service-Type = Framed-User
        Framed-MTU = 1500
        EAP-Message = 0x020000100157494e4c41425c726f6b61
        Message-Authenticator = 0x90f61cee340a78e94ee24fe3c625baa0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "WINLAB\roka", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 16
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 174
    users: Matched entry DEFAULT at line 198
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 229 to 10.187.0.15:1645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010100160410be8025aedc237e79bb769d7448c5e684
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x01aa44a4c384c8d0b88b27a8f803a381
Finished request 0
Going to the next request
 

Again the   
modcall[authorize]: module "mschap" returns noop for request 0
You said, this mean i do not send a mschap request.

What else can i do ?

Many thanks in Advance
Robert


Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor: günstig
und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur  44,85 €  inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2

More information about the Freeradius-Users mailing list