MS-CHAPv2 change password not working in master

Phil Mayers p.mayers at imperial.ac.uk
Fri Nov 16 17:36:04 CET 2012


On 16/11/12 14:08, Carlos Velasco wrote:
>> On 16/11/12 11:43, Carlos Velasco wrote:
>>
>>> I don't see LM hashes allowed in the Radius attributes for password
>>> change. Don't seem Cisco using them.
>>
>> Sorry yes ignore me; I'm being dumb.
>>
>
> Ok. After further findings... it is a bug in Cisco IOS router version
> 15.1M. Downgrading to 15.0M works fine.
>
> I have seen that after "Password change successful", the module tries to
> authenticate the user again but with wrong password, I suppose. "Logon
> failure".

That's supposed to work. The "change password" code modifies the request 
in-place and falls through to the auth code. It might be that "ntlm_auth 
/ Samba" haven't "caught up" with the password change, if it's slow to 
replicate.


More information about the Freeradius-Users mailing list