pptpd mschap auth fails

Horatiu Nimigean horatiu.nimigean at ddnet.ro
Tue Aug 6 18:18:46 CEST 2013


ok so i edited /etc/raddb/sites-enabled/default
and

commented pap from authorize { ... }
and commented
  Auth-Type PAP {
          pap
  }
from authenticate { ... }
but i still have the same error .

i have also created a new user betatesting1
i have also tested in the local shell (although it attempts mschapv1) 
and it gives me the same error

    [root at be-vpn ~]# radtest -t mschap betatesting1 secret 127.0.0.1
    1812 myubersecretpassword
    Sending Access-Request of id 13 to 127.0.0.1 port 1812
             User-Name = "betatesting1"
             NAS-IP-Address = 127.0.0.1
             NAS-Port = 1812
             Message-Authenticator = 0x00000000000000000000000000000000
             MS-CHAP-Challenge = 0xdca09b5922346674
             MS-CHAP-Response =
    0x000100000000000000000000000000000000000000000000000048cc2307c5dcb95d9cdc59f621d5d7e4b17c391d8ab5b4f4
    rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=13,
    length=112
             MS-CHAP-Error = "\000E=691 R=1
    C=f20ec16aa685d6a06f1ed900857d9c0e V=3 M=Re-enter (or reset) the
    password"


On 8/6/2013 6:31 PM, Phil Mayers wrote:
> On 06/08/13 16:04, Horatiu Nimigean wrote:
>> i have pptpd on a centos 6 box configured to use radius for auth.
>> radius in turn checks credentials in ldap.
>> the user in ldap has a samba extension and a configured password (i used
>> ldap account manager to set it up) it also has a sambaNTPassword field
>> and it's populated.
>> rpm -q freeradius gives freeradius-2.1.12-4.el6_3.x86_64
>>
>> the auth fails however when i try conencting from my windows8 client.
>> i need to mention that i am sure i'm inputting correct passwords.
>
> I you are *really* sure of this (have you created a test user with a 
> simple password?), then it might be the PAP module "helpfully" 
> fiddling with the password:
>
>>     [pap] Normalizing NT-Password from hex encoding
>>     [pap] Normalizing SSHA1-Password from base64 encoding
>
> Try commenting out "pap", since you're not using it
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130806/62012842/attachment.html>


More information about the Freeradius-Users mailing list