pptpd mschap auth fails
Horatiu Nimigean
horatiu.nimigean at ddnet.ro
Tue Aug 6 18:18:46 CEST 2013
ok so i edited /etc/raddb/sites-enabled/default
and
commented pap from authorize { ... }
and commented
Auth-Type PAP {
pap
}
from authenticate { ... }
but i still have the same error .
i have also created a new user betatesting1
i have also tested in the local shell (although it attempts mschapv1)
and it gives me the same error
[root at be-vpn ~]# radtest -t mschap betatesting1 secret 127.0.0.1
1812 myubersecretpassword
Sending Access-Request of id 13 to 127.0.0.1 port 1812
User-Name = "betatesting1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
MS-CHAP-Challenge = 0xdca09b5922346674
MS-CHAP-Response =
0x000100000000000000000000000000000000000000000000000048cc2307c5dcb95d9cdc59f621d5d7e4b17c391d8ab5b4f4
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=13,
length=112
MS-CHAP-Error = "\000E=691 R=1
C=f20ec16aa685d6a06f1ed900857d9c0e V=3 M=Re-enter (or reset) the
password"
On 8/6/2013 6:31 PM, Phil Mayers wrote:
> On 06/08/13 16:04, Horatiu Nimigean wrote:
>> i have pptpd on a centos 6 box configured to use radius for auth.
>> radius in turn checks credentials in ldap.
>> the user in ldap has a samba extension and a configured password (i used
>> ldap account manager to set it up) it also has a sambaNTPassword field
>> and it's populated.
>> rpm -q freeradius gives freeradius-2.1.12-4.el6_3.x86_64
>>
>> the auth fails however when i try conencting from my windows8 client.
>> i need to mention that i am sure i'm inputting correct passwords.
>
> I you are *really* sure of this (have you created a test user with a
> simple password?), then it might be the PAP module "helpfully"
> fiddling with the password:
>
>> [pap] Normalizing NT-Password from hex encoding
>> [pap] Normalizing SSHA1-Password from base64 encoding
>
> Try commenting out "pap", since you're not using it
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130806/62012842/attachment.html>
More information about the Freeradius-Users
mailing list