Thanks for the fast replies. The line
Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the user
makes me believe the packet is corrupted. Is there any way to test this. My
suspicion is that the packet is being corrupted by the proxy server, however
since this is running a dedicated operating system there is not a lot I can
modify on it. The software used to send the initial request to the proxy is
RASPPOE_098B.
The LDAP server is authorizing the user names fine.
Thanks again.
Guy Warner
----- Original Message -----
From: "3APA3A" <[EMAIL PROTECTED]>
To: "Guy Warner" <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 4:19 PM
Subject: Re: Help needed with MS Chap v2
> Dear Guy Warner,
>
> Authentication fails because of username or password mismatch. It may be
> if packet is corrupted, if realm is not stripped from username or
> password contains non-ASCII characters.
>
> --Wednesday, March 26, 2003, 7:10:32 PM, you wrote to
[EMAIL PROTECTED]:
>
> GW> Hi
>
> GW> I am trying to set up a Freeradius 0.8.1 server to authenticate users
with
> GW> MS Chap v2. The information about each user is obtained from an LDAP
server.
> GW> The requests for authentication are being received via a proxy server.
>
> GW> The problem is that all requests to authenticate a user result in
> GW> rlm_mschap: Nothing in the packet I recognise: Rejecting the
user
>
> GW> The mschap section of radiusd.conf is as follows
>
> GW> mschap {
> GW> authtype = MS-CHAP
> GW> use_mppe = yes
> GW> require_encryption = yes
> GW> require_strong = yes
> GW> }
>
>
> GW> The output from radiusd in debug mode contains the following
>
> GW> rad_recv: Access-Request packet from host <omitted>:1814,
id=3,
> GW> length=172
> GW> MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
> GW> MS-CHAP2-Response =
> GW>
0x0100613e878f3075d4825db25f99da79dac300000000000000002d620d49a20f637cae65f3
> GW> 05c09460bdc1c3047ab43476f5
> GW> User-Name = "[EMAIL PROTECTED]"
> GW> NAS-IP-Address = <omitted>
> GW> NAS-Identifier = <omitted>
> GW> Service-Type = Framed-User
> GW> Framed-Protocol = PPP
> GW> Proxy-State = 0x313630
> GW> ......
> GW> Debug: modcall: entering group authtype
> GW> Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
> GW> Debug: rlm_mschap: Authentication failed
> GW> Debug: rlm_mschap: Nothing in the packet I recognise:
Rejecting the
> GW> user
> GW> Debug: modcall[authenticate]: module "mschap" returns reject
>
>
> GW> The username is stripped of the domain since usernames are storred on
the
> GW> LDAP server in the short form.
>
> GW> Any suggestions on how to fix this problem would be gratefully
received. If
> GW> I have not provided sufficient information to diagnose the error then
please
> GW> let me know and I will send more information.
>
>
> GW> Thanks in advance
>
>
> GW> Guy Warner
>
>
> GW> -
> GW> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>
> --
> ~/ZARAZA
> ������� - �� �����! (���)
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
