Hi
I am trying to set up a Freeradius 0.8.1 server to authenticate users with
MS Chap v2. The information about each user is obtained from an LDAP server.
The requests for authentication are being received via a proxy server.
The problem is that all requests to authenticate a user result in
rlm_mschap: Nothing in the packet I recognise: Rejecting the user
The mschap section of radiusd.conf is as follows
mschap {
authtype = MS-CHAP
use_mppe = yes
require_encryption = yes
require_strong = yes
}
The output from radiusd in debug mode contains the following
rad_recv: Access-Request packet from host <omitted>:1814, id=3,
length=172
MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
MS-CHAP2-Response =
0x0100613e878f3075d4825db25f99da79dac300000000000000002d620d49a20f637cae65f3
05c09460bdc1c3047ab43476f5
User-Name = "[EMAIL PROTECTED]"
NAS-IP-Address = <omitted>
NAS-Identifier = <omitted>
Service-Type = Framed-User
Framed-Protocol = PPP
Proxy-State = 0x313630
......
Debug: modcall: entering group authtype
Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
Debug: rlm_mschap: Authentication failed
Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the
user
Debug: modcall[authenticate]: module "mschap" returns reject
The username is stripped of the domain since usernames are storred on the
LDAP server in the short form.
Any suggestions on how to fix this problem would be gratefully received. If
I have not provided sufficient information to diagnose the error then please
let me know and I will send more information.
Thanks in advance
Guy Warner
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
