MS-CHAP Auth fail, password cache ?

Bastien Semene admin at
Mon Jul 11 13:46:21 CEST 2011

I express myself very badly, sorry.

The configuration I put in my first mail is the current configuration, 
running, after restart.
The debug and commands output are from the current - reloaded - 
There's only 1 entry in the radcheck table, and it's current password is 

The three error outputs are relative to the logs. This means that the 
three cases are different :
old password => working (and should not at all)
current password "blabla" => [mschap] Told to do MS-CHAPv1 with 
NT-Password \n [mschap] MS-CHAP-Response is incorrect.
random string (not in the database) => [mschap] No Cleartext-Password 
configured.  Cannot create LM-Password.  (correct error)

I don't understand how radius can still authenticate with the old password.
An output of the users file and MySQL table is available in my first 
mail. I don't know where the old password can be still stored.

Le 11/07/2011 13:04, Alan DeKok a écrit :
> Bastien Semene wrote:
>> I'm currently - trying to - set up a radius server.
>> The backend used is MySQL. I'm using FreeRADIUS 2.1.11 on FreeBSD 8
>> During my tests, for the same user I used "test" password, then "blabla"
>> password.
>> Now, I use "blabla" and it's not working. instead "test" is still
>> working ...
>> I tested with a third string ("ahaha") , there's a third error output...
>    I have no idea what that means.
>> I tried restarting radiusd and the jail it's running into, this does
>> changes nothing.
>> All this commands/outputs are from the same running server (I mean no
>> reboot).
>> How can this happen ?
>    The server reads it's configuration files only when it starts.  If you
> edit the configuration files, you will need to restart the server.
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> -- 
> If you think experts are expensive,
> wait to see what amateurs will cost you
> --
> Bastien Semene
> Administrateur Réseau&  Système
> Cyanide Studio - FRANCE

More information about the Freeradius-Users mailing list