MSCHAP Issues

Alan DeKok aland at deployingradius.com
Mon Jul 29 19:15:11 CEST 2019


On Jul 29, 2019, at 11:23 AM, J Kephart <jkephart at safetynetaccess.com> wrote:
> 
> Yes, we're using MACs in a lab scenario to test what the client is reporting.  What's strange about this is that FR reports that no cleartest-password can be found, yet  when we run the radcheck query from the debug output, we get the following:
> 
> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '54-72-4F-69-14-B1' ORDER BY id;
> +-------+-------------------+--------------------+-------------------+----+
> | id    | username          | attribute          | value             | op |
> +-------+-------------------+--------------------+-------------------+----+
> | 13758 | 54-72-4F-69-14-B1 | Cleartext-Password | 54-72-4F-69-14-B1 | := |
> +-------+-------------------+--------------------+-------------------+----+
> 
> As you can see, the password is there, as is the username, in hyphenated form.  We do no manipulation of the username at all, simply accepting what we receive.

  Then something else is going wrong.

> So, if we can run the query and get the expected results, why is FR giving us the error?  Or, what are we doing wrong on the DB side? In my company, our radius team is a team of one -- me -- and I am truly trying the learn and understand as I much as I can, so I can fix this, and be able to recognize and diagnose any future recurrences.

  FreeRADIUS just does SQL queries using the admin user/password you supply.  Are you sure that you're using the same admin user above?

  Alan DeKok.




More information about the Freeradius-Users mailing list