Re: MS-CHAP-V2 with no retry

Fri, 04 Mar 2011 06:51:50 -0800 



--On Friday, March 04, 2011 13:32:35 +0100 Alan DeKok 
<al...@deployingradius.com> wrote:



Alan DeKok wrote:

James J J Hooper wrote:

rlm_eap_mschapv2.c: In function `mschapv2_authenticate':
rlm_eap_mschapv2.c:658: error: called object is not a function
rlm_eap_mschapv2.c:658: error: too few arguments to function
`pairmove2'

I've added the missing comma, and it's building now....  :-)


  Then you're using the git "master" branch, and not 2.1.x.


  Nope, my mistake.  See the recent message for a better patch.



***  With a bad password it does:


[eduroamlocalmschap] 	expand: 
--nt-response=%{eduroamlocalmschap:NT-Response} -> 
--nt-response=58a58ef81a7975443ce2f2ea61d6e66b11974cd3fbbf2b2d

Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
[eduroamlocalmschap] External script failed.
[eduroamlocalmschap] FAILED: MS-CHAP2-Response is incorrect
++[eduroamlocalmschap] returns reject
rlm_eap_mschapv2: No MS-CHAPv2-Success or MS-CHAP-Error was found.
[eduroamlocaleap-bris-sha-ca] Handler failed in EAP/mschapv2
[eduroamlocaleap-bris-sha-ca] Failed in EAP select
++[eduroamlocaleap-bris-sha-ca] returns invalid
Failed to authenticate the user.

Login incorrect (eduroamlocalmschap: External script says Logon failure 
(0xc000006d)): [jh1...@bris.ac.uk] (from client custard-66 port 0 cli 
99-88-77-66-55-44 via TLS tunnel)

} # server eduroamlocal-inner
[peap] Got tunneled reply code 3
        MS-CHAP-Error = "\tE=691 R=1"
        EAP-Message = 0x04090004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\tE=691 R=1"
        EAP-Message = 0x04090004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eduroamlocaleap-bris-sha-ca] returns handled



***  With a locked out user it does:

server eduroamlocal-inner {
Exec-Program output: Account locked out (0xc0000234)
Exec-Program-Wait: plaintext: Account locked out (0xc0000234)
Exec-Program: returned: 1
rlm_eap_mschapv2: No MS-CHAPv2-Success or MS-CHAP-Error was found.

Login incorrect (eduroamlocalmschap: External script says Account locked 
out (0xc0000234)): [jh176...@bris.ac.uk] (from client custard-66 port 0 cli 
99-88-77-66-55-44 via TLS tunnel)

} # server eduroamlocal-inner
        MS-CHAP-Error = "\007E=691 R=1"
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
        MS-CHAP-Error = "\007E=691 R=1"
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
attr_filter: Matched entry DEFAULT at line 1
Sending Access-Challenge of id 7 to 137.222.253.66 port 48817

	EAP-Message = 
0x0108002b19001703010020bfba7af9865436c3cbcd179868046228adb578769d6312fd4cb3caaf3626edc0

        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2183e4ed268bfd6e277ccbd19a06e21c




* Also, each time MS-CHAP-Error seems to be prefixed with a character  - Is 
that intended?


-James


--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk       
--


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
























					Reply via email to