eap-mschapv2 and radius.log

Scott Armitage S.P.Armitage at lboro.ac.uk
Thu Dec 6 15:07:59 CET 2012


On 6 Dec 2012, at 11:33, Scott Armitage <S.P.Armitage at lboro.ac.uk>
 wrote:

> All,
> 
> I have noticed a behaviour in the logging and I'm not sure if it is misconfiguration on my part, misunderstanding of the expected behaviour or a bug.  If I attempt to log in  using EAP-MSCHAPv2 inside of an eap method (e.g. PEAP/EAP-MSCHAPv2) I see "Login OK:" for the outer EAP regardless of the result of the inner EAP. e.g:
> 
> Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel)
> Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel)
> Thu Dec  6 11:10:56 2012 : Auth: Login OK: [anonymous at lboro.ac.uk] (from client pepsi port 0 cli 02-00-00-00-00-01)
> 
> This means if I have a user with a bad password I get the following in the log:
> 
> Thu Dec  6 11:21:37 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel)
> 
> As the mschap module is waiting for the user to re-enter their password eventual it times out.  Therefore this is the only entry in the log.  Which is somewhat confusing, as it has actually failed but the only log entry is "Login OK".
> 
> Has anyone else noticed this behaviour?  or have I configured something wrong?
> 
> Regards
> 
> Scott Armitage-
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Sorry forgot to say. I notice this with both FreeRADIUS Version 2.2.0 and 3.0

Regards

Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121206/46d5f17d/attachment.pgp>


More information about the Freeradius-Users mailing list