[email protected] wrote: > 1) In freeradius version 2.1.10 and older (at least 1.1.7) when there was > a bug in that when there was a PW_EAP_MSCHAPV2_FAILURE while there was > a response sent back to the client but there was no message in the > response.
It's more complicated. The server would send EAP-Failure, and nothing else. > 2) The patch given resolves that problem - giving the message > of the rlm_mschap.c module of E=691 R=1 On closer inspection, the patch doesn't resolve anything. It still sends an EAP-Failure. It should instead send an EAP-Response with EAP-MSCHAPv2-Failure, and the "E=691 R=1" failure code. After the client has ACKed that, it should *then* send EAP-Failure. i.e. fixing it is likely a fair bit more work. > 3) It is possible to configure in radius.conf the message on failure by: No. That sends back an MS-CHAP-Error. The code has to package that MS-CHAP-Error into an EAP sub-type, and send it back to the client in an *additional* request/response round trip, before finally sending EAP-Failure. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
