Dear Alan DeKok,
if (response->length < 50 || challenge->length < 8) {
radlog(L_AUTH, "rlm_mschap: Attribute \"MS-CHAP-
Response\" has wrong format.");
There is wrong password or some encryption problems from client side.
Another possible problem: only LM-Password is configured. MS-CHAP is
possible with LM-Password, while MS-CHAPv2 requires NT-Password to work.
Information about NAS and client would help. If client is some dialup
software for *nix problem is probably from client side, because it's not
likely NAS to change Challenge/Response
--Wednesday, March 5, 2003, 2:37:21 PM, you wrote to [EMAIL PROTECTED]:
AD> <[EMAIL PROTECTED]> wrote:
>> but with mschapv2 i get:
>> --
...>>
>> auth: type "MS-CHAP"
>> modcall: entering group authtype
>> rlm_mschap: doing MS-CHAPv2 with NT-Password
>> rlm_mschap: Authentication failed
>> rlm_mschap: Nothing in the packet I recognise: Rejecting the user
AD> The MS-CHAP module has some sanity checks so that it doesn't even
AD> bother to check the authentication if the response isn't what it
AD> expects.
AD> e.g. an MS-CHAPv2 response of 1 byte, or of 200 bytes.
AD> Those checks may be wrong. Poke at the source code in rlm_mschap.c
AD> to see why/where it's making it's decision, and what it's doing wrong.
AD> Alan DeKok.
AD> -
AD> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
Всегда будем рады послушать ваше чириканье (Твен)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
