Plans for the next few releases
Alan DeKok
aland at deployingradius.com
Tue Nov 11 22:32:56 CET 2014
Isaac Boukris wrote:
> Is there a 'known limitation' page which reflects behavior changes
> between version 2.x and 3.x?
Mostly in the ChangeLog.
> I am asking as I spent many hours last weened to figure out why a
> given case was failing with v3.x while it succeeded with v2.x (latest
> git).
>
> The case was with a proprietary NAS device authenticating via MSCHAP-2
> protocol when the password contains a UTF-8 multi-byte character such
> as €, £, я, א, etc (locally with MYSQL back end - not via ntlm_auth).
Which is a good area for problems.
> After lots of debugs (including dumping nt-hashes from windows server
> and testing with MS radius) it appears that v3.x was actually correct
> (the NT-hash matched what I was expecting).
Yes.
> The reason the NAS worked only with v2.x was because it was doing the
> conversion as if the password was plain ASCII similar to the way it is
> done in FR v2.x:
> https://github.com/FreeRADIUS/freeradius-server/blob/v2.x.x/src/modules/rlm_mschap/mschap.c#L48
> Compare to FR v3:
> https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_mschap/mschap.c#L50
Yes. The old code was wrong.
> I tried to look up information on this difference in behavior but with
> no luck so maybe it could be nice to state such changes in behavior
> somewhere (even correct changes which aren't ported back).
Feel free to update the Wiki with a summary of the ChangeLong.
> Apologize if this comment isn't appropriate.
Noting bugs is fine. But a community project depends on the
*community* for work, too. The Wiki is there for a reason. I wish more
people would update it.
Alan DeKok.
More information about the Freeradius-Users
mailing list