MS-CHAPv2 change password not working in master
Phil Mayers
p.mayers at imperial.ac.uk
Fri Nov 16 11:51:34 CET 2012
On 11/16/2012 10:00 AM, Carlos Velasco wrote:
> windows popup in Cisco VPN client, but the change password process fails:
> ntlm_auth said: Password-Change: No Password-Change-Error: Wrong
> Password . .
Hmm.
>
> Winbind logs also shows:
> NT_STATUS_WRONG_PASSWORD
>
> Looking into code I suppose the problem is something with the old NT
> hash, but not an expert here. Any help would be apreciated.
>
> In these logs the user is "NIMASTELECOM\testpw".
> The current password is "y58R41ut8W" (expired).
> And the new password used was "H6eEWu7r65tw38ert1".
There *might* be a bug in the CPW code, but I can't really see how; it
tested fine when I wrote it, and the crypto/hash/blob stuff doesn't
really leave room for "only if CONDITION X do something invalid".
I'll take a look a little bit later but in the meantime can you confirm
that if you clear the "must change password", auth works fine with the
old/current password?
More information about the Freeradius-Users
mailing list