Re: Issue with Chap Auth - freeradius v3.0.16 on RHEL 7.4

Andrea Mucci andrea.mucci at outlook.com
Mon Sep 24 23:15:06 CEST 2018


Good evening Alan,

I verified that when the debug level is set to 3, the CHAP password check mechanism does not work properly with a CHAP-Challenge above 48 bytes.

CHAP-Challenge 120 Byte

(0) Received Access-Request Id 53 from 192.168.219.1:51447 to 192.168.219.131:1812 length 112
(0)   User-Name = "bob"
(0)   CHAP-Password = 0xa022e9432b6f504f46a26c930b6ca07315
(0)   NAS-Port-Type = Ethernet
(0)   CHAP-Challenge = 0x626f626764686a73676467736a677361676a68736468616a68616a68736a73736b6b73736b736b736b6461736a64616a353633337437337565373274
...
(0)   Auth-Type CHAP {
(0)     modsingle[authenticate]: calling chap (rlm_chap)
(0) chap: Comparing with "known good" &control:Cleartext-Password value "hello"
(0) chap: Using challenge from &request:CHAP-Challenge
(0) chap:   CHAP challenge : 626f626764686a73676467736a677361676a68736468616a68616a68736a73736b6b73736b736b736b6461736a64616a353633337437337565373274
(0) chap:   Client sent    : 22e9432b6f504f46a26c930b6ca07315
(0) chap:   We calculated  : 38363136613638373336613733373336
(0) chap: ERROR: Password comparison failed: password is incorrect
(0)     modsingle[authenticate]: returned from chap (rlm_chap)
(0)     [chap] = reject
(0)   } # Auth-Type CHAP = reject


By lowering the debug level to 2 or lower, everything works fine.

(0) Received Access-Request Id 54 from 192.168.219.1:51511 to 192.168.219.131:1812 length 112
(0)   User-Name = "bob"
(0)   CHAP-Password = 0xb696491421f5afde906b79189d9d805c15
(0)   NAS-Port-Type = Ethernet
(0)   CHAP-Challenge = 0x626f626764686a73676467736a677361676a68736468616a68616a68736a73736b6b73736b736b736b6461736a64616a353633337437337565373274
...
(0)   Auth-Type CHAP {
(0) chap: Comparing with "known good" Cleartext-Password
(0) chap: CHAP user "bob" authenticated successfully
(0)     [chap] = ok
(0)   } # Auth-Type CHAP = ok

Best Regards
Andrea
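
Added example, not part of the original message and not FreeRADIUS code: a Python check that recomputes the CHAP response per RFC 1994 from the values in the two logs above, so a bad client response can be told apart from a bad server-side calculation. It also tests whether the "We calculated" value is printable hex text taken from the challenge dump rather than an MD5 digest; all function and constant names are assumptions made for this example.

```python
import hashlib
import hmac

# Values copied from the two debug logs in the message above.
PASSWORD = b"hello"                      # &control:Cleartext-Password
CHALLENGE = bytes.fromhex(               # CHAP-Challenge (same in both requests)
    "626f626764686a73676467736a677361676a68736468616a68616a68736a"
    "73736b6b73736b736b736b6461736a64616a353633337437337565373274"
)
REQ_DEBUG3 = bytes.fromhex("a022e9432b6f504f46a26c930b6ca07315")  # rejected
REQ_DEBUG2 = bytes.fromhex("b696491421f5afde906b79189d9d805c15")  # accepted
WE_CALCULATED = "38363136613638373336613733373336"  # server value at debug 3


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def verify_chap(chap_password: bytes, password: bytes, challenge: bytes) -> bool:
    """CHAP-Password is the 1-byte CHAP ID followed by the 16-byte response."""
    if len(chap_password) != 17:
        raise ValueError("CHAP-Password must be 17 bytes")
    expected = chap_response(chap_password[0], password, challenge)
    return hmac.compare_digest(expected, chap_password[1:])


def is_hex_text_from_challenge(value_hex: str, challenge: bytes) -> bool:
    """True if value_hex decodes to ASCII hex digits found in the challenge dump."""
    try:
        text = bytes.fromhex(value_hex).decode("ascii")
    except ValueError:  # also covers UnicodeDecodeError (non-ASCII digest bytes)
        return False
    return bool(text) and text in challenge.hex()


if __name__ == "__main__":
    for label, attr in (("debug 3", REQ_DEBUG3), ("debug 2", REQ_DEBUG2)):
        ok = verify_chap(attr, PASSWORD, CHALLENGE)
        print(f"{label}: client response matches RFC 1994 calculation: {ok}")
    print("'We calculated' is hex text from the challenge dump:",
          is_hex_text_from_challenge(WE_CALCULATED, CHALLENGE))
```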



________________________________
From: Freeradius-Users <freeradius-users-bounces+andrea.mucci=outlook.com at lists.freeradius.org> on behalf of Alan DeKok <aland at deployingradius.com>
Sent: Friday, September 21, 2018 19:14
To: FreeRadius users mailing list
Cc: luciana.coppola at hpe.com
Subject: Re: Issue with Chap Auth - freeradius v3.0.16 on RHEL 7.4

On Sep 21, 2018, at 12:42 PM, Andrea Mucci <andrea.mucci at outlook.com> wrote:
>
> Hi All.
>
> I have an issue on Chap Authentication Request.
> It seems that if CHAPChallenge size is longer than 48 bytes, Freeradius sends an Access Reject.

 It works for me with the v3.0.x head.  And that code hasn't changed for a long time.

  Alan DeKok.

