Dear Guy Warner,
This line simply notifies you there is no authentication schema may be
used for packet (for MS-CHAPv1 both LM and NT authentication is
available, for MS-CHAPv2 only NT and it fails in your case). Packet
corruption is most unlikely from all variants.
--Wednesday, March 26, 2003, 7:38:27 PM, you wrote to [EMAIL PROTECTED]:
GW> Thanks for the fast replies. The line
GW> Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the user
GW> makes me believe the packet is corrupted. Is there any way to test this. My
GW> suspicion is that the packet is being corrupted by the proxy server, however
GW> since this is running a dedicated operating system there is not a lot I can
GW> modify on it. The software used to send the initial request to the proxy is
GW> RASPPOE_098B.
GW> The LDAP server is authorizing the user names fine.
GW> Thanks again.
GW> Guy Warner
GW> ----- Original Message -----
GW> From: "3APA3A" <[EMAIL PROTECTED]>
GW> To: "Guy Warner" <[EMAIL PROTECTED]>
GW> Sent: Wednesday, March 26, 2003 4:19 PM
GW> Subject: Re: Help needed with MS Chap v2
>> Dear Guy Warner,
>>
>> Authentication fails because of username or password mismatch. It may be
>> if packet is corrupted, if realm is not stripped from username or
>> password contains non-ASCII characters.
>>
>> --Wednesday, March 26, 2003, 7:10:32 PM, you wrote to
GW> [EMAIL PROTECTED]:
>>
>> GW> Hi
>>
>> GW> I am trying to set up a Freeradius 0.8.1 server to authenticate users
GW> with
>> GW> MS Chap v2. The information about each user is obtained from an LDAP
GW> server.
>> GW> The requests for authentication are being received via a proxy server.
>>
>> GW> The problem is that all requests to authenticate a user result in
>> GW> rlm_mschap: Nothing in the packet I recognise: Rejecting the
GW> user
>>
>> GW> The mschap section of radiusd.conf is as follows
>>
>> GW> mschap {
>> GW> authtype = MS-CHAP
>> GW> use_mppe = yes
>> GW> require_encryption = yes
>> GW> require_strong = yes
>> GW> }
>>
>>
>> GW> The output from radiusd in debug mode contains the following
>>
>> GW> rad_recv: Access-Request packet from host <omitted>:1814,
GW> id=3,
>> GW> length=172
>> GW> MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
>> GW> MS-CHAP2-Response =
>> GW>
GW> 0x0100613e878f3075d4825db25f99da79dac300000000000000002d620d49a20f637cae65f3
>> GW> 05c09460bdc1c3047ab43476f5
>> GW> User-Name = "[EMAIL PROTECTED]"
>> GW> NAS-IP-Address = <omitted>
>> GW> NAS-Identifier = <omitted>
>> GW> Service-Type = Framed-User
>> GW> Framed-Protocol = PPP
>> GW> Proxy-State = 0x313630
>> GW> ......
>> GW> Debug: modcall: entering group authtype
>> GW> Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
>> GW> Debug: rlm_mschap: Authentication failed
>> GW> Debug: rlm_mschap: Nothing in the packet I recognise:
GW> Rejecting the
>> GW> user
>> GW> Debug: modcall[authenticate]: module "mschap" returns reject
>>
>>
>> GW> The username is stripped of the domain since usernames are storred on
GW> the
>> GW> LDAP server in the short form.
>>
>> GW> Any suggestions on how to fix this problem would be gratefully
GW> received. If
>> GW> I have not provided sufficient information to diagnose the error then
GW> please
>> GW> let me know and I will send more information.
>>
>>
>> GW> Thanks in advance
>>
>>
>> GW> Guy Warner
>>
>>
>> GW> -
>> GW> List info/subscribe/unsubscribe? See
GW> http://www.freeradius.org/list/users.html
>>
>>
>> --
>> ~/ZARAZA
>> ЭНИАКам - по морде! (Лем)
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
GW> http://www.freeradius.org/list/users.html
>>
GW> -
GW> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
Клянусь лысиной пророка Моисея - я тебя сейчас съем. (Твен)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
