mschap: Strange behaviour in two differend servers.

Michael Schwartzkopff ms at sys4.de
Thu Mar 6 15:17:43 UTC 2025


Hi,


we have a strange behaviour in our FreeRADIUS setup. the mschap module 
in one server authenticates the users and in the other server rejects 
him. Any ideas from you?


Working server:

(543) Thu Feb 20 15:49:18 2025: Debug: eap: Peer sent packet with method 
EAP MSCHAPv2 (26)
(543) Thu Feb 20 15:49:18 2025: Debug: eap: Calling submodule 
eap_mschapv2 to process data
(543) Thu Feb 20 15:49:18 2025: Debug: eap: Sending EAP Success (code 3) 
ID 108 length 4
(543) Thu Feb 20 15:49:18 2025: Debug: eap: Freeing handler
(543) Thu Feb 20 15:49:18 2025: Debug: modsingle[authenticate]: returned 
from eap (rlm_eap)
(543) Thu Feb 20 15:49:18 2025: Debug:       [eap] = ok
(543) Thu Feb 20 15:49:18 2025: Debug:     } # authenticate = ok


Failed request:

(4) Fri Feb 21 13:28:09 2025: Debug: eap: Peer sent packet with method 
EAP MSCHAPv2 (26)
(4) Fri Feb 21 13:28:09 2025: Debug: eap: Calling submodule eap_mschapv2 
to process data
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: # Executing group 
from file /etc/freeradius/3.0/sites-enabled/vpn-ip
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2:   authenticate {
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: 
modsingle[authenticate]: calling mschap (rlm_mschap)
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: Found NT-Password
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: Creating challenge hash 
with username: bad_user
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: Client is using MS-CHAPv2
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: EXPAND TMPL XLAT
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: EXPAND %{mschap:User-Name}
(4) Fri Feb 21 13:28:09 2025: Debug: mschap:    --> bad_user
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: EXPAND TMPL LITERAL
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: sending authentication 
request user='bad_user' domain='DOMAIN'
(4) Fri Feb 21 13:28:09 2025: ERROR: mschap: When trying to update a 
password, this return status indicates that the value provided as the 
current password is not correct. [0xC000006A]
(4) Fri Feb 21 13:28:09 2025: ERROR: mschap: MS-CHAP2-Response is incorrect
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: 
modsingle[authenticate]: returned from mschap (rlm_mschap)
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2:     [mschap] = reject
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2:   } # authenticate = 
reject
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: MSCHAP-Error: E=691 
R=1 C=XXXX V=3 M=Authentication rejected
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: Found new challenge 
from MS-CHAP-Error: err=691 retry=1 challenge=XXXX
(4) Fri Feb 21 13:28:09 2025: ERROR: eap_mschapv2: MSCHAP Failure



More information about the Freeradius-Users mailing list