MS-CHAP2 Response is incorrect

Matthew Ceroni matthewceroni at gmail.com
Wed Jan 29 20:40:58 CET 2014


Hi:

I have a FreeRadius server setup that is used to authenticate a
WPA2-Enteprise wireless network.

This is setup on a CentOS 6.5 server with FreeRadius version 2.1.12. I
also followed the instructions on configuring ActiveDirectory.

Everything works, 99% of the time. However after a certain amount of
time running I start to get authentication failures. The log shows:

Wed Jan 29 11:30:31 2014 : Debug: [eap] processing type mschapv2
Wed Jan 29 11:30:31 2014 : Debug: [mschapv2] # Executing group from
file /etc/raddb/sites-enabled/inner-tunnel
Wed Jan 29 11:30:31 2014 : Debug: [mschapv2] +- entering group MS-CHAP {...}
Wed Jan 29 11:30:31 2014 : Debug: [mschapv2]
modsingle[authenticate]: calling mschap (rlm_mschap) for request 21
Wed Jan 29 11:30:31 2014 : Debug: [mschap] Creating challenge hash
with username: vinoth
Wed Jan 29 11:30:31 2014 : Debug: [mschap] Told to do MS-CHAPv2 for
vinoth with NT-Password
Wed Jan 29 11:30:31 2014 : Debug: [mschap] radius_xlat: Running
registered xlat function of module mschap for string 'User-Name'
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      expand:
%{mschap:User-Name} -> vinoth
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      expand:
--username=%{%{mschap:User-Name}:-%{%{User-Name}:-None}} ->
--username=vinoth
Wed Jan 29 11:30:31 2014 : Debug: [mschap] radius_xlat: Running
registered xlat function of module mschap for string 'NT-Domain'
Wed Jan 29 11:30:31 2014 : Debug: [mschap] No NT-Domain was found in
the User-Name.
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      expand: %{mschap:NT-Domain} ->
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      ... expanding second conditional
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      expand:
--domain=%{%{mschap:NT-Domain}:-CLAIRMAIL} -> --domain=CLAIRMAIL
Wed Jan 29 11:30:31 2014 : Debug: [mschap] radius_xlat: Running
registered xlat function of module mschap for string 'Challenge'
Wed Jan 29 11:30:31 2014 : Debug: [mschap] Creating challenge hash
with username: vinoth
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      expand:
%{mschap:Challenge} -> 26bae25103c92b9d
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      expand:
--challenge=%{%{mschap:Challenge}:-00} -> --challenge=26bae25103c92b9d
Wed Jan 29 11:30:31 2014 : Debug: [mschap] radius_xlat: Running
registered xlat function of module mschap for string 'NT-Response'
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      expand:
%{mschap:NT-Response} ->
bc3ebc2680d1a09bd8f20d10586071f40fa03830ca779b81
Wed Jan 29 11:30:31 2014 : Debug: [mschap]      expand:
--nt-response=%{%{mschap:NT-Response}:-00} ->
--nt-response=bc3ebc2680d1a09bd8f20d10586071f40fa03830ca779b81
Wed Jan 29 11:30:31 2014 : Debug: [mschap] External script failed.
Wed Jan 29 11:30:31 2014 : Debug: [mschap] FAILED: MS-CHAP2-Response
is incorrect

The issue is resolved by simply restarting FreeRadius.

Any help on further troubleshooting would be appreciated.

Thanks


More information about the Freeradius-Users mailing list