MS-CHAP2-Response is incorrect with Freeradius 2.1.12
Alan DeKok
aland at deployingradius.com
Mon Aug 31 02:06:42 CEST 2015
On Aug 30, 2015, at 4:57 PM, François Lacombe <fl.infosreseaux at gmail.com> wrote:
> 2015-08-29 15:22 GMT+02:00 Alan DeKok <aland at deployingradius.com>:
>>
>> It means that the passwords don't match.
>
> It's difficult to believe it : the password is "abc" for this test...
> and I'm pretty sure they match.
<shrug> They don't match.
> Is there a way to test eap-maschapv2 method in local instead of using
> the NAS currently used ?
see eapol_test.
>>
>>> It seems this line appears when NT or LM-Password are missing in the
>>> LDAP, but here Freeradius find them successfully earlier.
>>
>> No, the message does NOT appear when the NT-Password is missing.
>
> I don't understand : someone here
> (http://lists.freeradius.org/pipermail/freeradius-users/2010-March/045323.html)
> is reporting a log like that :
> [mschap] Told to do MS-CHAPv2 for bernard with NT-Password
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
Those messages are DIFFERENT than the ones you see.
The messages are simple, and should be clear. What's the confusion?
Alan DeKok.
More information about the Freeradius-Users
mailing list