Thanks for the patches - I've built a new server and hopefully will test
tomorrow.
On the re-reading of config I can live without the HUP not causing mschap
to re-read it's config - just assumed that it would.
johnh...
On Wed, 20 Apr 2011, Phil Mayers wrote:
Date: Wed, 20 Apr 2011 17:53:42
From: Phil Mayers <p.may...@imperial.ac.uk>
Reply-To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
To: freeradius-users@lists.freeradius.org
Subject: Re: MS-CHAP-V2 with no retry
On 04/20/2011 11:14 PM, john.hayw...@wheaton.edu wrote:
I have been able to do some testing with the adjustments for MS-CHAP-V2
related to error and retires.
There are two items I observed with testing:
1) If I sent a HUP signal to the server it appears to re-read the
configuration files but for some reason does not re-read the mschap
module - so changing this module while testing seemed to require a
restart on the server. Is that the expected behavior?
rlm_mschap doesn't implement a HUP handler AFAICT. It probably wouldn't be
terribly hard to write one - the module is fairly stateless. It's probably
best to just restart the server though.
2) If retry=yes then on Windows-7 on failure a notification is given if
they click they are presented with a message indicating their username
or password are incorrect and given an opportunity to re-enter only a
password. If they enter the correct password the authentication fails
and they have to re-connect to get a duologue box where they can enter
both the username and password. I have not traced down to determine why
the client thinks there is a failure (eg need to see if FRS thinks it is
a failure or not). This I believe is not what should be happening.
I think this is probably because the EAP-MSCHAP modules needs to parse and
store the new challenge in the error message. If it doesn't, the server and
client will disagree on the challenge/response value and auth will fail
This patch implements the required behaviour (as part of the "support
password change" code):
https://github.com/philmayers/freeradius-server/commit/44a81366fb0b909d9165ec5650004bd979c0f9d9
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html