Hello Alan,
You've been absolutely right. The bug was in radius module for pppd
and it sent wrong MS-CHAP2-Response value for freeradius. Problem was
in function, which compose this attribute from client authentication
response. Format of PPP response packet and MS-CHAP-Response av pair
differs slightly, confirming the comments of the developer of the
plug-in (something about idiots).
I've seen here that 3 person in this mailing list are suffering from
the same bug, so, could you please excuse the posting of the patch? It was made
against the latest cvs version of pppd from samba.org:
Index: radius.c
===================================================================
RCS file: /cvsroot/ppp/pppd/plugins/radius/radius.c,v
retrieving revision 1.21
diff -u -r1.21 radius.c
--- radius.c 25 Nov 2003 11:50:10 -0000 1.21
+++ radius.c 7 Jan 2004 19:18:43 -0000
@@ -425,7 +425,7 @@
case CHAP_MICROSOFT_V2:
{
/* MS-CHAP-Challenge and MS-CHAP2-Response */
- MS_Chap2Response *rmd = (MS_Chap2Response *) (response + 1);
+ MS_Chap2Response *rmd = (MS_Chap2Response *) response;
u_char *p = cpassword;
if (response_len != MS_CHAP2_RESPONSE_LEN)
It completely fixes the problem of authenticating with pppd against
freeradius using MSCHAPv2.
I sent this patch to one of the maintainers of the pppd and asked to
commit it to the source tree. Hope fixed pppd will be available for wide
public soon.
Kind regards,
Anton Golubev
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
