MS-CHAP2 Failure

Alan DeKok aland at deployingradius.com
Wed Mar 18 08:26:41 CET 2009


Mike Diggins wrote:
> I've made no progress in finding a solution to my MSCHAP problem. To
> summarize, Winbind and FreeRadius authenticate via PAP fine on both
> servers (RedHat V5), but MSCHAP fails on one of the two (see below). I
> tried tar'ing up the entire /etc/raddb directory and copied it to the
> other machine, but it still fails. I also rejoined the Windows domain,
> but nothing is working. Does MSCHAP have any other dependency on the
> system, that PAP doesn't?

  No.

  The mschap module configuration is pretty simple.  The debug output
you showed leads me to conclude that the "ntlm_auth" configuration is
commented out in the mschap module configuration.

  Or, the module configuration is in a different file than the one
you're looking at.

  Run the server in debugging mode, and look for the mschap module
startup.  It will print out its configuration.  If this doesn't match
what you expect, see which file it's reading.  It will print that out, too.

  Alan DeKok.



More information about the Freeradius-Users mailing list