MS-CHAP-V2 with no retry
Phil Mayers
p.mayers at imperial.ac.uk
Fri Apr 8 09:43:16 CEST 2011
On 04/08/2011 08:26 AM, Alan DeKok wrote:
> James J J Hooper wrote:
>> It works on Mac OS and iOS, but I havn't been able to get it to work
>> as expected on XP or Win7:
>> * Win7 does as it did before
>
> That's not all bad.
>
>> * XP: The [builtin] supplicant gets stuck at the 'tryng to authenticate'
>> message.
>
> That's not good.
>
>> Could you forward your patches gzipped [so they don't get mangled] so I
>> can verify I have patched the source correctly?
>
> I'll put some fixes into git "v2.1.x" branch later today, I think.
>
> Changing the EAP-MSCHAP state machine worries me. It works now, so
> doing something *different* is a potential source of problems.
+1 - In my experience it's necessary to cater for windows' weirdness
*first*. Most other clients have sane behaviours. I'm concerned about
the "we didn't do much windows testing" line...
I also think that, if we're aiming to make the behaviour "better" we
should take a careful look at what IAS/NPS does; we maintain a "for
comparison" server for just such cases, and I'll try to have a look today.
More information about the Freeradius-Users
mailing list