Hi,
it seems that is not possible that a user can change the password on loggon screen in windows 7 with freeradius after it has expired, except i use a windows IAS / NPS Server, or not ? I debugged the RAS crap on windows side and in the Logs i have: [3564] 04-12 12:02:33:182: EapChapBeginMSChapV2 [3564] 04-12 12:02:33:182: ReadUserData [3564] 04-12 12:02:33:182: Version three user blob is passed, size: 1018 [3564] 04-12 12:02:33:182: ReadConnectionData [3564] 04-12 12:02:33:182: EapChapBeginCommon [3564] 04-12 12:02:33:182: ChapBegin(fS=0,bA=0x81) [3564] 04-12 12:02:33:182: StoreCredentials [3564] 04-12 12:02:33:198: ChapBegin done. [3564] 04-12 12:02:33:198: ChapMakeMessage,RBuf=0000000000000000 [3564] 04-12 12:02:33:198: ChapCMakeMessage... [3564] 04-12 12:02:33:198: CS_Initial [3564] 04-12 12:02:33:198: EapMSChapv2MakeMessage [3564] 04-12 12:02:33:198: EapMSChapv2CMakeMessage (DOMAIN\test) [3564] 04-12 12:02:33:198: EMV2_Initial [3564] 04-12 12:02:33:198: EapMSChapv2CMakeMessage: Rcvd packet size: 37 [3564] 04-12 12:02:33:198: ChapMakeMessage,RBuf=0000000004352B35 [3564] 04-12 12:02:33:198: ChapCMakeMessage... [3564] 04-12 12:02:33:198: CS_WaitForChallenge [3564] 04-12 12:02:33:198: MakeResponseMessage... [3564] 04-12 12:02:33:198: Generating Challenge [3564] 04-12 12:02:33:198: GetChallenge. [3564] 04-12 12:02:33:198: GetChallenge: LsaCallAuthenticationPackage succeeded [3564] 04-12 12:02:33:198: GetChallenge. [3564] 04-12 12:02:33:198: GetChallenge: LsaCallAuthenticationPackage succeeded [3564] 04-12 12:02:33:198: GetChallengeResponse [3564] 04-12 12:02:33:198: GetDESChallengeResponse [3564] 04-12 12:02:33:198: GetDESChallengeResponse Success [3564] 04-12 12:02:33:198: GetMD5ChallengeResponse Success [3564] 04-12 12:02:33:198: GetMD5ChallengeResponse Success [3564] 04-12 12:02:33:198: GetChallengeResponse Success [3564] 04-12 12:02:33:198: GetChallengeResponse=0 02 09 00 41 31 1F C4 A4 0B D5 E9 77 D5 CB E9 34 |...A1......w...4| 94 7E 7B 04 E2 00 00 00 00 00 00 00 00 85 83 94 |.~{.............| DF 03 C5 95 73 46 E5 57 2D A5 03 D5 1B 75 EE 7F |....sF.W-....u.| 26 D3 16 59 DE 00 5A 4F 4F 50 4C 55 53 5C 77 74 |&..Y..DOMAIN\tes| 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |t...............| [3564] 04-12 12:02:33:245: EapMSChapv2MakeMessage [3564] 04-12 12:02:33:245: EapMSChapv2CMakeMessage (DOMAIN\test) [3564] 04-12 12:02:33:245: EMV2_ResponseSend [3564] 04-12 12:02:33:245: Got a Code Failure when expecting Response. Failing Auth [3728] 04-12 12:02:34:290: EapMSChapv2End [3728] 04-12 12:02:34:290: ChapEnd Maybe the FR send a wrong EAP Messages to the Client ? Is it anyway possible to get the whole unencrypted EAP Message from FR ? Network traces are useless cause crypted traffic. thanks, C. -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html