Allow access to wrong password

Bjørn Mork bjorn at mork.no
Thu Apr 14 15:51:14 CEST 2016


Aurélio de Souza Ribeiro Neto <netolistas at mpc.com.br> writes:
> Em 13/04/2016 19:41, Alan DeKok escreveu:
>> On Apr 13, 2016, at 5:16 PM, Aurélio de Souza Ribeiro Neto <netolistas at mpc.com.br> wrote:
>>> rad_recv: Access-Request packet from host 172.20.200.2 port 47606, id=251, length=207
>>>         Service-Type = Framed-User
>>>         Framed-Protocol = PPP
>>>         NAS-Port = 15728752
>>>         NAS-Port-Type = Ethernet
>>>         User-Name = "testepppoe"
>>>         Calling-Station-Id = "F8:1A:67:58:42:E7"
>>>         Called-Station-Id = "CE - TESTE PPPoE"
>>>         NAS-Port-Id = "ether2"
>>>         MS-CHAP-Challenge = 0xa2679e2e3eda990b3c1154ad21869130
>>>         MS-CHAP2-Response = 0x01003768a76d49b3b35a91341a22ddb2930a000000000000000003c736cb201806f6a9100b319b13e9c893b2bd9d048a7541
>>    You can't force an Access-Accept in MS-CHAPv2.
>
>         Sorry, I don't know why.....

See the "Note" on https://technet.microsoft.com/en-us/library/cc787927%28v=ws.10%29.aspx

The easiest way to "fix" this is usually turning off chap support on the
NAS, allowing only pap.


Bjørn



More information about the Freeradius-Users mailing list