Thanks again for your work on this facility.

I built and installed with the new patches.
Unfortunately things did not quite work - however, with a small change I could get the retry to work properly on a Windows 7 machine.

The problem is that when we do a retry, in addition to setting the challenge value, we also need to change the data->code to challenge rather than failure. When the response comes back we can correctly deal with it.

==== original patch -- with suggested changes **** ====
678 -    pairmove2(&response, &handler->request->reply->vps,
679 -        PW_MSCHAP_ERROR);
678 +    pairmove2(&response, &handler->request->reply->vps,
679 +        PW_MSCHAP_ERROR);
**** add failure code by default
         data->code = PW_EAP_MSCHAPV2_FAILURE;
****
680 +    if (response) {
681 +      int n,err,retry;
682 +      char buf[34];
683 + 684 + DEBUG2(" MSCHAP-Error: %s", response->vp_strvalue);
685 +
686 +      /*
687 +       * parse the new challenge out of the MS-CHAP-Error, so if the client
688 +       * issues a re-try, we'll know the challenge value they used
689 +       */
690 +      n = sscanf(response->vp_strvalue, "%*cE=%d R=%d C=%32s", &err, &retry, 
&buf);
691 +      if (n==3) {
692 +        DEBUG2("  Found new challenge from MS-CHAP-Error: err=%d retry=%d 
challenge=%s", err, retry, buf);
693 +        fr_hex2bin(buf, data->challenge, 16);
**** Set code to challenge if we find a challenge
             data->code = PW_EAP_MSCHAPV2_CHALLENGE;
****
694 +      } else {
695 +        DEBUG2("  Could not parse new challenge from MS-CHAP-Error: %d", 
n);
696 +      }
697 +    }
680
**** remove this code since set above
698     data->code = PW_EAP_MSCHAPV2_FAILURE;
****
====   END OF original patch ===
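
Review bot: In the `n==3` branch, the suggested `data->code = PW_EAP_MSCHAPV2_CHALLENGE;` takes effect whenever a challenge parses, without looking at the parsed `retry` value. If the MS-CHAP-Error carries R=0 (retry not allowed), the state should stay at PW_EAP_MSCHAPV2_FAILURE, so gate the assignment on `retry` being non-zero. In the same branch the result of `fr_hex2bin(buf, data->challenge, 16)` is not checked, so a C= field that is not 32 hex digits could leave data->challenge partly updated while the code still moves to challenge; check its result before changing state. The sscanf call should also pass `buf` rather than `&buf` for the `%32s` conversion.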

johnh...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
