MS-CHAP-V2 with no retry
James J J Hooper
jjj.hooper at bristol.ac.uk
Fri Mar 4 15:41:46 CET 2011
--On Friday, March 04, 2011 13:32:35 +0100 Alan DeKok
<aland at deployingradius.com> wrote:
> Alan DeKok wrote:
>> James J J Hooper wrote:
>>>> rlm_eap_mschapv2.c: In function `mschapv2_authenticate':
>>>> rlm_eap_mschapv2.c:658: error: called object is not a function
>>>> rlm_eap_mschapv2.c:658: error: too few arguments to function
>>>> `pairmove2'
>>> I've added the missing comma, and it's building now.... :-)
>>
>> Then you're using the git "master" branch, and not 2.1.x.
>
> Nope, my mistake. See the recent message for a better patch.
*** With a bad password it does:
[eduroamlocalmschap] expand:
--nt-response=%{eduroamlocalmschap:NT-Response} ->
--nt-response=58a58ef81a7975443ce2f2ea61d6e66b11974cd3fbbf2b2d
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
[eduroamlocalmschap] External script failed.
[eduroamlocalmschap] FAILED: MS-CHAP2-Response is incorrect
++[eduroamlocalmschap] returns reject
rlm_eap_mschapv2: No MS-CHAPv2-Success or MS-CHAP-Error was found.
[eduroamlocaleap-bris-sha-ca] Handler failed in EAP/mschapv2
[eduroamlocaleap-bris-sha-ca] Failed in EAP select
++[eduroamlocaleap-bris-sha-ca] returns invalid
Failed to authenticate the user.
Login incorrect (eduroamlocalmschap: External script says Logon failure
(0xc000006d)): [jh1761 at bris.ac.uk] (from client custard-66 port 0 cli
99-88-77-66-55-44 via TLS tunnel)
} # server eduroamlocal-inner
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eduroamlocaleap-bris-sha-ca] returns handled
*** With a locked out user it does:
server eduroamlocal-inner {
Exec-Program output: Account locked out (0xc0000234)
Exec-Program-Wait: plaintext: Account locked out (0xc0000234)
Exec-Program: returned: 1
rlm_eap_mschapv2: No MS-CHAPv2-Success or MS-CHAP-Error was found.
Login incorrect (eduroamlocalmschap: External script says Account locked
out (0xc0000234)): [jh1761-s at bris.ac.uk] (from client custard-66 port 0 cli
99-88-77-66-55-44 via TLS tunnel)
} # server eduroamlocal-inner
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
attr_filter: Matched entry DEFAULT at line 1
Sending Access-Challenge of id 7 to 137.222.253.66 port 48817
EAP-Message =
0x0108002b19001703010020bfba7af9865436c3cbcd179868046228adb578769d6312fd4cb3caaf3626edc0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2183e4ed268bfd6e277ccbd19a06e21c
* Also, each time MS-CHAP-Error seems to be prefixed with a character - Is
that intended?
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
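
Added example (not part of the original message and not FreeRADIUS code): RFC 2548 defines the MS-CHAP-Error value as a one-octet Ident followed by the error string, so this Python code splits the two debug values shown above into that octet and the RFC 2759 E=/R= fields, and reads the Identifier from the accompanying EAP-Message. The function names are hypothetical and the sample values are copied from the traces in this message.

```python
import re

# "E=" failure codes from RFC 2759, section 6.
ERROR_NAMES = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}
_SIMPLE = {"t": 9, "n": 10, "r": 13, "\\": 92, '"': 34}
_ESCAPE = re.compile(r'\\([0-3][0-7]{2}|[tnr\\"])')
_FIELD = re.compile(r"\b([ERCV])=(\S+)")

def unescape_debug(text):
    """Turn a debug-log string such as \\tE=691 or \\007E=691 into raw bytes."""
    def repl(match):
        tok = match.group(1)
        return chr(int(tok, 8) if tok.isdigit() else _SIMPLE[tok])
    return _ESCAPE.sub(repl, text).encode("latin-1")

def parse_mschap_error(debug_value):
    """Split an MS-CHAP-Error value into its Ident octet and string fields."""
    raw = unescape_debug(debug_value)
    if len(raw) < 2:
        raise ValueError("expected an Ident octet followed by a string")
    ident, text = raw[0], raw[1:].decode("latin-1")
    fields = dict(_FIELD.findall(text))
    if not fields.get("E", "").isdigit():
        raise ValueError("missing or non-numeric E= field")
    code = int(fields["E"])
    return {"ident": ident, "error": code,
            "name": ERROR_NAMES.get(code, "unknown"),
            "retry_allowed": fields.get("R") == "1"}

def eap_id(eap_message_hex):
    """Identifier octet (second byte) of an EAP packet printed as 0x... hex."""
    return bytes.fromhex(eap_message_hex.replace("0x", "", 1))[1]

# Values copied from the two traces in the message above.
SAMPLES = [("bad password", r"\tE=691 R=1", "0x04090004"),
           ("locked out", r"\007E=691 R=1", "0x04070004")]

if __name__ == "__main__":
    for label, value, eap in SAMPLES:
        print(label, parse_mschap_error(value), "EAP id:", eap_id(eap))
```

In both traces the Ident octet (9 and 7) equals the Identifier of the EAP Failure packet, and both report E=691 with R=1, the locked-out account included.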