Re: Help needed with MS Chap v2

Wed, 26 Mar 2003 08:18:36 -0800 

Dear Guy Warner,

Authentication fails because of username or password mismatch. It may be
if  packet  is  corrupted,  if  realm  is  not stripped from username or
password contains non-ASCII characters.

--Wednesday, March 26, 2003, 7:10:32 PM, you wrote to [EMAIL PROTECTED]:

GW> Hi

GW> I am trying to set up a Freeradius 0.8.1 server to authenticate users with
GW> MS Chap v2. The information about each user is obtained from an LDAP server.
GW> The requests for authentication are being received via a proxy server.

GW> The problem is that all requests to authenticate a user result in
GW>          rlm_mschap: Nothing in the packet I recognise: Rejecting the user

GW> The mschap section of radiusd.conf is as follows

GW>  mschap {
GW>                 authtype = MS-CHAP
GW>                 use_mppe = yes
GW>                 require_encryption = yes
GW>                 require_strong = yes
GW>         }


GW> The output from radiusd in debug mode contains the following

GW>         rad_recv: Access-Request packet from host <omitted>:1814, id=3,
GW> length=172
GW>         MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
GW>         MS-CHAP2-Response =
GW> 0x0100613e878f3075d4825db25f99da79dac300000000000000002d620d49a20f637cae65f3
GW> 05c09460bdc1c3047ab43476f5
GW>         User-Name = "[EMAIL PROTECTED]"
GW>         NAS-IP-Address = <omitted>
GW>         NAS-Identifier = <omitted>
GW>         Service-Type = Framed-User
GW>         Framed-Protocol = PPP
GW>         Proxy-State = 0x313630
GW> ......
GW>         Debug: modcall: entering group authtype
GW>         Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
GW>         Debug: rlm_mschap: Authentication failed
GW>         Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the
GW> user
GW>         Debug:   modcall[authenticate]: module "mschap" returns reject


GW> The username is stripped of the domain since usernames are storred on the
GW> LDAP server in the short form.

GW> Any suggestions on how to fix this problem would be gratefully received. If
GW> I have not provided sufficient information to diagnose the error then please
GW> let me know and I will send more information.


GW> Thanks in advance


GW> Guy Warner


GW> - 
GW> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
~/ZARAZA
ÝÍÈÀÊàì - ïî ìîðäå!  (Ëåì)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to