Re: PEAP mschapv2 E= 691 R=0 code is correct?
dhpark21 at naver.com
Fri Sep 25 16:05:58 CEST 2020
At test case,...(cached password was wrong)
as below document, it will prompt the user for a new password.
but, Windows 10 are not prompt.(FR),
Cisco ISE are prompt ok
my question is it(new password prompt).
# Prior to version 2.1.11, the module never
# sent the MS-CHAP-Error message to the
# client. This worked, but it had issues
# when the cached password was wrong. The
# server *should* send "E=691 R=0" to the
# client, which tells it to prompt the user
# for a new password.
# The default is to behave as in 2.1.10 and
# earlier, which is known to work. If you
# set "send_error = yes", then the error
# message will be sent back to the client.
# This *may* help some clients work better,
# but *may* also cause other clients to stop
From: "Alan DeKok"<aland at deployingradius.com>
To: "FreeRadius users mailing list"<freeradius-users at lists.freeradius.org>;
Sent: 2020-09-25 (금) 22:29:42 (GMT+09:00)
Subject: Re: PEAP mschapv2 E= 691 R=0 code is correct?
> On Sep 25, 2020, at 9:22 AM,
> atteched full log.
Part of the reason it's so big is you're (again) not following instructions. DON'T use "radius -Xx" or "radiusd -Xx" or "radiusd -XXXxxxxxxxxx". Follow the documentation. Use "radiusd -X".
Honestly... it really does help to read the documentation and follow the instructions. Most of the issues you're running into would have been avoided.
And reading the debug output show:
(6) mschap: Found Cleartext-Password, hashing to create NT-Password
(6) mschap: Creating challenge hash with username: user01
(6) mschap: Client is using MS-CHAPv2
ERROR: (6) mschap: MS-CHAP2-Response is incorrect
So... the password is wrong.
You've told FreeRADIUS one password, and the user is entering a different one. Make sure that the user is entering the correct password.
And no, don't argue that "the password is correct". It's not.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users