See comments below - johnh...
Phil Mayers wrote:
On 04/03/11 09:46, Alan DeKok wrote:
Isn't that what this code does in rlm_eap_mschapv2.c:
It's *supposed* to add the error message. But so far as I can see,
it's never called when the PW_MSCHAP_ERROR is used.
Perhaps I'm mis-reading it?
Nope. It's just never used.
Anyways, due to that (and other) issues, I've attached a new patch.
That *should* just re-use the MS-CHAP-Error string from the MS-CHAP
module, without over-writing it with a fixed error.
Is this a proper statement of the summary of where we are:
1) In freeradius version 2.1.10 and older (at least 1.1.7) when there was
a bug in that when there was a PW_EAP_MSCHAPV2_FAILURE while there was
a response sent back to the client but there was no message in the
response.
2) The patch given resolves that problem - giving the message
of the rlm_mschap.c module of E=691 R=1
3) It is possible to configure in radius.conf the message on failure by:
====
post-auth {
Post-Auth-Type REJECT {
if (reply:MS-CHAP-Error =~ /E=691 R=1/) {
update reply {
MS-CHAP-Error := "E=691 R=0"
}
}
}
}
====
Let me know where I am wrong in these assertions.
I will try to test the patch in our environment and let the results be
known next week.
johnh...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
