Help configuring FreeRADIUS on OS X Server - ERROR: (2) mschap: ERROR: (null): status = eServerError
Alan DeKok
aland at deployingradius.com
Thu Dec 6 13:29:43 CET 2018
On Dec 5, 2018, at 6:21 PM, Eric Wittle <eric at wittle.net> wrote:
>
> Responding to Matthew & Alan.
>
> I manually repeated the changes Alan checked in to opendir.c. Unfortunately, I still got a segfault after those changes. I’ve done some debugging since, and now have a successfully authenticating VPN with the modified code (yeah)!
>
> The segmentation fault was because the method signature for mschap_add_reply in opendir.c didn’t match the actual method in rlm_mschap.c. I changed the signature definition at the top to remove the ValuePair parameter; it seemed to match the current definition in rlm_mschap.c more correctly that way:
Thanks. I've pushed a fix to the code. It should now be in the v3.0.x branch on GitHub.
> I’m planning on filing an issue with Apple on their documentation for migrating from Apple Server to the 3.0 version of FreeRADIUS. I’m honestly curious if either of you think that open directory authentication with 3.0 could work in any cases?
It worked prior to 2014, (3.0.6) when the erroneous change went in.
> It seems to me like they never tested their instructions, but I admit I’m generalizing from one single use case (router authentication). As you can probably tell from some of my early e-mails, my ignorance about FreeRADIUS was quite high when I first engaged with this group, and I simply don’t know if there would be use cases where the missing MS-CHAP2-Success would not cause problems.
>
> Lastly, when I file the issue with apple, would you be comfortable that I recommend that they change to a 3.0 version that contains whatever the final fixed code is? Their docs currently say 3.0.0 specifically. If so, would that be 3.0.18?
Yes.
> Thanks again for your help, and sorry for any confusion I may have caused along the way.
Confusion is understandable. The most important thing is *learning*, and *fixing* problems. That is a skill which is much appreciated.
Alan DeKok.
More information about the Freeradius-Users
mailing list