MS-CHAP Auth fail, password cache ?
admin at cyanide-studio.com
Mon Jul 11 13:46:21 CEST 2011
I express myself very badly, sorry.
The configuration I put in my first mail is the current configuration,
running, after restart.
The debug and commands output are from the current - reloaded -
There's only 1 entry in the radcheck table, and it's current password is
The three error outputs are relative to the logs. This means that the
three cases are different :
old password => working (and should not at all)
current password "blabla" => [mschap] Told to do MS-CHAPv1 with
NT-Password \n [mschap] MS-CHAP-Response is incorrect.
random string (not in the database) => [mschap] No Cleartext-Password
configured. Cannot create LM-Password. (correct error)
I don't understand how radius can still authenticate with the old password.
An output of the users file and MySQL table is available in my first
mail. I don't know where the old password can be still stored.
Le 11/07/2011 13:04, Alan DeKok a écrit :
> Bastien Semene wrote:
>> I'm currently - trying to - set up a radius server.
>> The backend used is MySQL. I'm using FreeRADIUS 2.1.11 on FreeBSD 8
>> During my tests, for the same user I used "test" password, then "blabla"
>> Now, I use "blabla" and it's not working. instead "test" is still
>> working ...
>> I tested with a third string ("ahaha") , there's a third error output...
> I have no idea what that means.
>> I tried restarting radiusd and the jail it's running into, this does
>> changes nothing.
>> All this commands/outputs are from the same running server (I mean no
>> How can this happen ?
> The server reads it's configuration files only when it starts. If you
> edit the configuration files, you will need to restart the server.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> If you think experts are expensive,
> wait to see what amateurs will cost you
> Bastien Semene
> Administrateur Réseau& Système
> Cyanide Studio - FRANCE
More information about the Freeradius-Users