rlm_rest learnings - PAP and PEAP/MSCHAPv2
a.cudbardb at freeradius.org
Wed Jan 22 23:42:09 CET 2020
> When doing PEAP/MSCHAPv2, the authorize REST API gets called twice in the inner-tunnel, for two different EAP messages.
> Wastes a few milliseconds, but only a minor issue.
Add NT-Password to the session-state: list. Only call the rest module if session-state:NT-Password isn't set, otherwise copy session-state:NT-Password to the control list.
> radtest -t mschap valid-user at domain invalid_password 127.0.0.1 0 radius_secret
> replied with
> MS-CHAP-Error = "\000E=691 R=1 C=ad8367a70f809d72 V=2"
> My reading of the MS-CHAP-V2 RFC2759 and PPP CHAP RFC1994 is that this should have been
> MS-CHAP-Error = "E=691 R=1 C=ad8367a70f809d72 V=2"
Hm, feel free to track it down and submit a PR :)
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
More information about the Freeradius-Users