Re: PEAP mschapv2 E= 691 R=0 code is correct?

엔트로링크(주) dhpark21 at naver.com
Fri Sep 25 16:05:58 CEST 2020 

Thank reply.
 
At test case,...(cached password was wrong)
as below document, it will prompt the user for a new password.
but, Windows 10 are not prompt.(FR),
Cisco ISE are prompt ok
my question is it(new password prompt).
Check it.
Thanks.
--
mschapv2 {
                #  Prior to version 2.1.11, the module never
                #  sent the MS-CHAP-Error message to the
                #  client.  This worked, but it had issues
                #  when the cached password was wrong.  The
                #  server *should* send "E=691 R=0" to the
                #  client, which tells it to prompt the user
                #  for a new password.
                #
                #  The default is to behave as in 2.1.10 and
                #  earlier, which is known to work.  If you
                #  set "send_error = yes", then the error
                #  message will be sent back to the client.
                #  This *may* help some clients work better,
                #  but *may* also cause other clients to stop
                #  working.
                # 
--
 
 
-----Original Message-----
From: "Alan DeKok"<aland at deployingradius.com>
To: "FreeRadius users mailing list"<freeradius-users at lists.freeradius.org>;
Cc:
Sent: 2020-09-25 (금) 22:29:42 (GMT+09:00)
Subject: Re: PEAP mschapv2 E= 691 R=0 code is correct?
 


> On Sep 25, 2020, at 9:22 AM,
>
> atteched full log.
> Thanks
> <rtest.txt>-

 Part of the reason it's so big is you're (again) not following instructions.  DON'T use "radius -Xx" or "radiusd -Xx" or  "radiusd -XXXxxxxxxxxx".  Follow the documentation.  Use "radiusd -X".

 Honestly... it really does help to read the documentation and follow the instructions.  Most of the issues you're running into would have been avoided.

 And reading the debug output show:


(6) mschap: Found Cleartext-Password, hashing to create NT-Password
(6) mschap: Creating challenge hash with username: user01
(6) mschap: Client is using MS-CHAPv2
ERROR: (6) mschap: MS-CHAP2-Response is incorrect

 So... the password is wrong.

 You've told FreeRADIUS one password, and the user is entering a different one.  Make sure that the user is entering the correct password.

 And no, don't argue that "the password is correct".  It's not.

 Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list