Re: Help needed with MS Chap v2

Wed, 26 Mar 2003 08:25:43 -0800 

Guy,

Do the LDAP server logs show anything?

josh.

On Wed, 2003-03-26 at 16:10, Guy Warner wrote:
> Hi
> 
> I am trying to set up a Freeradius 0.8.1 server to authenticate users with
> MS Chap v2. The information about each user is obtained from an LDAP server.
> The requests for authentication are being received via a proxy server.
> 
> The problem is that all requests to authenticate a user result in
>          rlm_mschap: Nothing in the packet I recognise: Rejecting the user
> 
> The mschap section of radiusd.conf is as follows
> 
>  mschap {
>                 authtype = MS-CHAP
>                 use_mppe = yes
>                 require_encryption = yes
>                 require_strong = yes
>         }
> 
> 
> The output from radiusd in debug mode contains the following
> 
>         rad_recv: Access-Request packet from host <omitted>:1814, id=3,
> length=172
>         MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
>         MS-CHAP2-Response =
> 0x0100613e878f3075d4825db25f99da79dac300000000000000002d620d49a20f637cae65f3
> 05c09460bdc1c3047ab43476f5
>         User-Name = "[EMAIL PROTECTED]"
>         NAS-IP-Address = <omitted>
>         NAS-Identifier = <omitted>
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Proxy-State = 0x313630
> ......
>         Debug: modcall: entering group authtype
>         Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
>         Debug: rlm_mschap: Authentication failed
>         Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the
> user
>         Debug:   modcall[authenticate]: module "mschap" returns reject
> 
> 
> The username is stripped of the domain since usernames are storred on the
> LDAP server in the short form.
> 
> Any suggestions on how to fix this problem would be gratefully received. If
> I have not provided sufficient information to diagnose the error then please
> let me know and I will send more information.
> 
> 
> Thanks in advance
> 
> 
> Guy Warner
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- 
-----------------------------------------------------------
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]
------------------------------------------------------------
---


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to