MS-CHAP2 Failure
Mike Diggins
mike.diggins at mcmaster.ca
Wed Mar 18 14:05:33 CET 2009
On Wed, 18 Mar 2009, Alan DeKok wrote:
> Mike Diggins wrote:
>> I've made no progress in finding a solution to my MSCHAP problem. To
>> summarize, Winbind and FreeRadius authenticate via PAP fine on both
>> servers (RedHat V5), but MSCHAP fails on one of the two (see below). I
>> tried tar'ing up the entire /etc/raddb directory and copied it to the
>> other machine, but it still fails. I also rejoined the Windows domain,
>> but nothing is working. Does MSCHAP have any other dependency on the
>> system, that PAP doesn't?
>
> No.
>
> The mschap module configuration is pretty simple. The debug output
> you showed leads me to conclude that the "ntlm_auth" configuration is
> commented out in the mschap module configuration.
>
> Or, the module configuration is in a different file than the one
> you're looking at.
>
> Run the server in debugging mode, and look for the mschap module
> startup. It will print out its configuration. If this doesn't match
> what you expect, see which file it's reading. It will print that out, too.

Bingo! Sure enough the mschap section was different. I normally make
backup copies of any file I change, and append it with a .ORIG. I left
those backup files in the original directories, not realizing the program
was reading both files. For some reason the working server was picking up
the right configuration, whereas the failing one wasn't, possibly due to
the order it was reading them!? Anyway, I will move out all my backup
files from both servers.

Thanks everyone for your help!
-Mike
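
A check for the failure mode described in this message, as an added example that is not part of the original thread or of the FreeRADIUS project: it lists backup-looking files in a module directory and reports any top-level block defined in more than one file. The function names, the suffix list and the sample files are assumptions constructed for illustration, and it assumes every regular file in the directory is loaded, as the message reports.

```shell
#!/usr/bin/env bash
# Added example: audit a module directory for stray backup copies.
# Assumption: the server loads every regular file found in the directory.

# Print files whose names look like admin, editor or package backups.
list_backup_files() {
    find "$1" -maxdepth 1 -type f \
        \( -iname '*.orig' -o -iname '*.bak' -o -iname '*.old' \
           -o -name '*.rpmsave' -o -name '*.rpmnew' -o -name '*~' \) |
        LC_ALL=C sort
}

# Print "instance: file1 file2" for each top-level block (opened at column 0)
# that appears in more than one file. "mschap {" is recorded as "mschap".
find_duplicate_modules() {
    local f
    find "$1" -maxdepth 1 -type f | LC_ALL=C sort | while IFS= read -r f; do
        awk -v file="$f" '
            /^[A-Za-z_][A-Za-z0-9_.-]*([ \t]+[A-Za-z0-9_.-]+)?[ \t]*[{]/ {
                sub(/[ \t]*[{].*/, "")            # drop the brace and the rest
                n = split($0, tok, /[ \t]+/)      # last token = instance name
                print tok[n] "\t" file
            }' "$f"
    done | awk -F'\t' '
        { files[$1] = files[$1] " " $2; count[$1]++ }
        END { for (m in count) if (count[m] > 1) print m ":" files[m] }' |
        LC_ALL=C sort
}

# Constructed sample: a live "mschap" file next to a leftover "mschap.ORIG"
# in which the ntlm_auth line is still commented out.
make_sample_dir() {
    local d
    d=$(mktemp -d)
    printf 'mschap {\n\tntlm_auth = "/usr/bin/ntlm_auth ..."\n}\n' > "$d/mschap"
    printf 'mschap {\n#\tntlm_auth = "/usr/bin/ntlm_auth ..."\n}\n' > "$d/mschap.ORIG"
    printf 'pap {\n}\n' > "$d/pap"
    echo "$d"
}

# Audit the directory given as $1, or the constructed sample if none is given.
dir="${1:-$(make_sample_dir)}"
echo "Backup-looking files:";  list_backup_files "$dir"
echo "Blocks defined twice:";  find_duplicate_modules "$dir"
```

Any line printed under "Blocks defined twice" means the effective configuration depends on which copy the server ends up using, so it is worth comparing against the configuration the server prints at startup in debugging mode.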