Dear Guy Warner, This line simply notifies you there is no authentication schema may be used for packet (for MS-CHAPv1 both LM and NT authentication is available, for MS-CHAPv2 only NT and it fails in your case). Packet corruption is most unlikely from all variants.
--Wednesday, March 26, 2003, 7:38:27 PM, you wrote to [EMAIL PROTECTED]: GW> Thanks for the fast replies. The line GW> Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the user GW> makes me believe the packet is corrupted. Is there any way to test this. My GW> suspicion is that the packet is being corrupted by the proxy server, however GW> since this is running a dedicated operating system there is not a lot I can GW> modify on it. The software used to send the initial request to the proxy is GW> RASPPOE_098B. GW> The LDAP server is authorizing the user names fine. GW> Thanks again. GW> Guy Warner GW> ----- Original Message ----- GW> From: "3APA3A" <[EMAIL PROTECTED]> GW> To: "Guy Warner" <[EMAIL PROTECTED]> GW> Sent: Wednesday, March 26, 2003 4:19 PM GW> Subject: Re: Help needed with MS Chap v2 >> Dear Guy Warner, >> >> Authentication fails because of username or password mismatch. It may be >> if packet is corrupted, if realm is not stripped from username or >> password contains non-ASCII characters. >> >> --Wednesday, March 26, 2003, 7:10:32 PM, you wrote to GW> [EMAIL PROTECTED]: >> >> GW> Hi >> >> GW> I am trying to set up a Freeradius 0.8.1 server to authenticate users GW> with >> GW> MS Chap v2. The information about each user is obtained from an LDAP GW> server. >> GW> The requests for authentication are being received via a proxy server. >> >> GW> The problem is that all requests to authenticate a user result in >> GW> rlm_mschap: Nothing in the packet I recognise: Rejecting the GW> user >> >> GW> The mschap section of radiusd.conf is as follows >> >> GW> mschap { >> GW> authtype = MS-CHAP >> GW> use_mppe = yes >> GW> require_encryption = yes >> GW> require_strong = yes >> GW> } >> >> >> GW> The output from radiusd in debug mode contains the following >> >> GW> rad_recv: Access-Request packet from host <omitted>:1814, GW> id=3, >> GW> length=172 >> GW> MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2 >> GW> MS-CHAP2-Response = >> GW> GW> 0x0100613e878f3075d4825db25f99da79dac300000000000000002d620d49a20f637cae65f3 >> GW> 05c09460bdc1c3047ab43476f5 >> GW> User-Name = "[EMAIL PROTECTED]" >> GW> NAS-IP-Address = <omitted> >> GW> NAS-Identifier = <omitted> >> GW> Service-Type = Framed-User >> GW> Framed-Protocol = PPP >> GW> Proxy-State = 0x313630 >> GW> ...... >> GW> Debug: modcall: entering group authtype >> GW> Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password >> GW> Debug: rlm_mschap: Authentication failed >> GW> Debug: rlm_mschap: Nothing in the packet I recognise: GW> Rejecting the >> GW> user >> GW> Debug: modcall[authenticate]: module "mschap" returns reject >> >> >> GW> The username is stripped of the domain since usernames are storred on GW> the >> GW> LDAP server in the short form. >> >> GW> Any suggestions on how to fix this problem would be gratefully GW> received. If >> GW> I have not provided sufficient information to diagnose the error then GW> please >> GW> let me know and I will send more information. >> >> >> GW> Thanks in advance >> >> >> GW> Guy Warner >> >> >> GW> - >> GW> List info/subscribe/unsubscribe? See GW> http://www.freeradius.org/list/users.html >> >> >> -- >> ~/ZARAZA >> ЭНИАКам - по морде! (Лем) >> >> >> - >> List info/subscribe/unsubscribe? See GW> http://www.freeradius.org/list/users.html >> GW> - GW> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Клянусь лысиной пророка Моисея - я тебя сейчас съем. (Твен) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html