MS-CHAPv2 change password not working in master
Phil Mayers
p.mayers at imperial.ac.uk
Fri Nov 16 17:36:04 CET 2012
On 16/11/12 14:08, Carlos Velasco wrote:
>> On 16/11/12 11:43, Carlos Velasco wrote:
>>
>>> I don't see LM hashes allowed in the Radius attributes for password
>>> change. Don't seem Cisco using them.
>>
>> Sorry yes ignore me; I'm being dumb.
>>
>
> Ok. After further findings... it is a bug in Cisco IOS router version
> 15.1M. Downgrading to 15.0M works fine.
>
> I have seen that after "Password change successful", the module tries to
> authenticate the user again but with wrong password, I suppose. "Logon
> failure".
That's supposed to work. The "change password" code modifies the request
in-place and falls through to the auth code. It might be that "ntlm_auth
/ Samba" haven't "caught up" with the password change, if it's slow to
replicate.
More information about the Freeradius-Users
mailing list