Il 20/01/2012 11:55, Phil Mayers ha scritto:
> If that's really all you've changed, there must be something wrong with
> Samba; it's getting the final crypto blob wrong, and the client is
> dropping the packets. You'll need to investigate and fix this.
Just tested with radtest (have had to use single quotes and FOUR
backslashes! -- my password is obviously in $P):
# radtest -t mschap 'PERSONALE\\\\diego.zuccato' "$P" localhost 0 testing123
Sending Access-Request of id 123 to 127.0.0.1 port 1812
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
MS-CHAP-Challenge = 0x7f218889d9de0c84
MS-CHAP-Response =
0x000100000000000000000000000000000000000000000000000015ea491108aa02bb34b5fe79918a67cd8a7b069240091194
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=123,
length=84
MS-CHAP-MPPE-Keys =
0x00000000000000003b1acd0b65d7af221df50f6ca50447cf0000000000000000
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
And the Access-Accept is quite fast.
When using eapol_test, I get the timeout.
The difference is that radtest seems to use mschapv1 while eapol_test
uses mschapv2.
What could be so wrong that v1 works and v2 doesn't? IIUC v2 includes
username and client nonce in the authenticator, while v1 doesn't.
BYtE,
Diego.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
