FreeRadius mschap v2 challange repeating without checking password

Alan DeKok aland at deployingradius.com
Thu Jun 13 22:36:27 UTC 2024 

On Jun 13, 2024, at 6:14 PM, Jaco du Preez via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I am trying to anable MS Chap v2 auth from Radius in PHP with FreeRadius standalone without active Directory to test if the integration works.
> The challenges keeps getting sent, irrespective if password is right or wrong. Logging is also not happening when doing a MSChapv2 auth. Logging is happening when doing ms-chap-v1, pap , chap-md5.

  When you joined the mailing list, you got a messaging telling you to read a Wiki page.  Go read that page.

  You're working hard to avoid all of the documentation which will help fix the problem.  Why?

> Tried clear password, MD5 and NT password and MS-CHAP-Use-NTLM-Auth with yes and 1.

  "I tried a bunch of stuff, but it didn't work".

  Perhaps try reading the documentation.

> authorise
> bob   Cleartext-Password := "test", MS-CHAP-Use-NTLM-Auth := yes
>       Reply-Message := "Hello, %{User-Name}"
> 
> 
> bob_md5    MD5-Password:= "****", MS-CHAP-Use-NTLM-Auth := yes
>    Reply-Message := "Hello, %{User-Name}"
> 
> 
> bob_ntp    NT-Password:= "****", MS-CHAP-Use-NTLM-Auth := yes
>    Reply-Message := "Hello, %{User-Name}"

  All of the documentation says "don't post the configuration files".

  Perhaps try reading the documentation.

> 
> FreeRadius Server Debug
> 2024-06-13 21:07:14 DEBUG: Added Attribute 1 (User-Name), format S, value bob_ntp
> 2024-06-13 21:07:14 DEBUG: Added Attribute 79 (EAP-Message), format S, value �
>                                                                              bob_ntp

  That isn't debugging output from FreeRADIUS.  Perhaps one of the following is true:

a) you're not using FreeRADIUS, and this is the output from something else

b) you're using a version of FreeRADIUS which has been heavily modified by someone else

> freeradius -XC

  Why?

  Go read the documentation.  Then, follow the instructions in the documentation.

  This message is a complete waste of your time, and ours.  It is impossible for us to help you with the information you included in the message.

  What we need is the debug output.  The documentation tells you what that is, and how to get it.

  Alan DeKok.

More information about the Freeradius-Users mailing list