Hello all,
We have the same problem, not only on mschap, but also with ttls+pap and
peap+pap. The problem was seen from the wheezy version of freeradius
[1], but when upgraded to wheezy-backports [2] (freeradius 2.2.5) the
issue was not seen anymore, even with logrotate doing a daemon reload
(20 times, for now).
So, a workaround to this issue is to upgrade freeradius to
wheezy-backports. Pay attention to openssl Heartbleed check, because
from 2014.04.08 [3], freeradius refuse to start when find a supposedly
vulnerable version (actually it is not, because was fixed on
1.0.1e-2+deb7u17). Then you need to change radiusd.conf and include:
diff --git a/freeradius/radiusd.conf b/freeradius/radiusd.conf
index 8feb3e2..cd5d18d 100644
--- a/freeradius/radiusd.conf
+++ b/freeradius/radiusd.conf
@@ -524,6 +524,9 @@ security {
# See also raddb/sites-available/status
#
status_server = yes
+
+
+ allow_vulnerable_openssl = yes
}
# PROXY CONFIGURATION
Regards, Italo
[1] versions of freeradius before update (with problem)
ii freeradius 2.1.12+dfsg-1.2
amd64 high-performance and highly configurable RADIUS server
ii freeradius-common 2.1.12+dfsg-1.2 all
FreeRADIUS common files
ii freeradius-ldap 2.1.12+dfsg-1.2
amd64 LDAP module for FreeRADIUS server
ii freeradius-utils 2.1.12+dfsg-1.2
amd64 FreeRADIUS client utilities
ii libfreeradius2 2.1.12+dfsg-1.2
amd64 FreeRADIUS shared library
[2] upgraded freeradius to wheezy-backports
ii freeradius 2.2.5+dfsg-0.1~bpo70+1
amd64 high-performance and highly configurable RADIUS server
ii freeradius-common 2.2.5+dfsg-0.1~bpo70+1 all
FreeRADIUS common files
ii freeradius-ldap 2.2.5+dfsg-0.1~bpo70+1
amd64 LDAP module for FreeRADIUS server
ii freeradius-utils 2.2.5+dfsg-0.1~bpo70+1
amd64 FreeRADIUS client utilities
ii libfreeradius2 2.2.5+dfsg-0.1~bpo70+1
amd64 FreeRADIUS shared library
[3] http://freeradius.org/security.html
