On 6 Dec 2012, at 14:07, Scott Armitage <s.p.armit...@lboro.ac.uk> wrote:
> > On 6 Dec 2012, at 11:33, Scott Armitage <s.p.armit...@lboro.ac.uk> > wrote: > >> All, >> >> I have noticed a behaviour in the logging and I'm not sure if it is >> misconfiguration on my part, misunderstanding of the expected behaviour or a >> bug. If I attempt to log in using EAP-MSCHAPv2 inside of an eap method >> (e.g. PEAP/EAP-MSCHAPv2) I see "Login OK:" for the outer EAP regardless of >> the result of the inner EAP. e.g: >> >> Thu Dec 6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 >> cli 02-00-00-00-00-01 via TLS tunnel) >> Thu Dec 6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 >> cli 02-00-00-00-00-01 via TLS tunnel) >> Thu Dec 6 11:10:56 2012 : Auth: Login OK: [anonym...@lboro.ac.uk] (from >> client pepsi port 0 cli 02-00-00-00-00-01) >> >> This means if I have a user with a bad password I get the following in the >> log: >> >> Thu Dec 6 11:21:37 2012 : Auth: Login OK: [scott] (from client pepsi port 0 >> cli 02-00-00-00-00-01 via TLS tunnel) >> >> As the mschap module is waiting for the user to re-enter their password >> eventual it times out. Therefore this is the only entry in the log. Which >> is somewhat confusing, as it has actually failed but the only log entry is >> "Login OK". >> >> Has anyone else noticed this behaviour? or have I configured something >> wrong? >> >> Regards >> >> Scott Armitage- >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > Sorry forgot to say. I notice this with both FreeRADIUS Version 2.2.0 and 3.0 ignore this, I was just being dumb. I had enabled SoH and the first OK is the SoH.
signature.asc
Description: Message signed with OpenPGP using GPGMail
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html