mschap: Strange behaviour in two differend servers.
Michael Schwartzkopff
ms at sys4.de
Thu Mar 6 15:17:43 UTC 2025
Hi,
we have a strange behaviour in our FreeRADIUS setup. the mschap module
in one server authenticates the users and in the other server rejects
him. Any ideas from you?
Working server:
(543) Thu Feb 20 15:49:18 2025: Debug: eap: Peer sent packet with method
EAP MSCHAPv2 (26)
(543) Thu Feb 20 15:49:18 2025: Debug: eap: Calling submodule
eap_mschapv2 to process data
(543) Thu Feb 20 15:49:18 2025: Debug: eap: Sending EAP Success (code 3)
ID 108 length 4
(543) Thu Feb 20 15:49:18 2025: Debug: eap: Freeing handler
(543) Thu Feb 20 15:49:18 2025: Debug: modsingle[authenticate]: returned
from eap (rlm_eap)
(543) Thu Feb 20 15:49:18 2025: Debug: [eap] = ok
(543) Thu Feb 20 15:49:18 2025: Debug: } # authenticate = ok
Failed request:
(4) Fri Feb 21 13:28:09 2025: Debug: eap: Peer sent packet with method
EAP MSCHAPv2 (26)
(4) Fri Feb 21 13:28:09 2025: Debug: eap: Calling submodule eap_mschapv2
to process data
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: # Executing group
from file /etc/freeradius/3.0/sites-enabled/vpn-ip
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: authenticate {
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2:
modsingle[authenticate]: calling mschap (rlm_mschap)
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: Found NT-Password
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: Creating challenge hash
with username: bad_user
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: Client is using MS-CHAPv2
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: EXPAND TMPL XLAT
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: EXPAND %{mschap:User-Name}
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: --> bad_user
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: EXPAND TMPL LITERAL
(4) Fri Feb 21 13:28:09 2025: Debug: mschap: sending authentication
request user='bad_user' domain='DOMAIN'
(4) Fri Feb 21 13:28:09 2025: ERROR: mschap: When trying to update a
password, this return status indicates that the value provided as the
current password is not correct. [0xC000006A]
(4) Fri Feb 21 13:28:09 2025: ERROR: mschap: MS-CHAP2-Response is incorrect
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2:
modsingle[authenticate]: returned from mschap (rlm_mschap)
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: [mschap] = reject
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: } # authenticate =
reject
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: MSCHAP-Error: E=691
R=1 C=XXXX V=3 M=Authentication rejected
(4) Fri Feb 21 13:28:09 2025: Debug: eap_mschapv2: Found new challenge
from MS-CHAP-Error: err=691 retry=1 challenge=XXXX
(4) Fri Feb 21 13:28:09 2025: ERROR: eap_mschapv2: MSCHAP Failure
More information about the Freeradius-Users
mailing list