Hi Phil,
src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c:
about line 741, maybe this:
pairmove2(response, handler-request-reply-vps,
PW_MSCHAP_ERROR, 0);
...should be:
pairmove2(response, handler-request-reply-vps,
PW_MSCHAP_ERROR,
CD DD wrote:
The windows client get now the password change Window.
But i still have one issue:
the new passphrase will not changed.
I got: MS-CHAP-NT-Enc-PW with invalid format
It's another VENDORPEC_MICROSOFT issue.
See the following commit on github:
CD DD wrote:
The MSCHAP password change code looks for the string Password expired
in the output of the ntlm_auth command. If your ntlm_auth is printing
something different, it'll just assume it's a regular failure.
Sure, here are the Debug output:
Which doesn't contain the string
Hi Phil, Alan,
Ok. ntlm_auth is returning something different to what I saw in testing.
Have you set the must change password at next login bit, as opposed to
expired bit?
Try this:
1. Edit src/modules/rlm_mschap/rlm_mschap.c about line 1100, where it
says:
if (strstr(buffer, Password
CD DD wrote:
i changed the source src/modules/rlm_mschap/rlm_mschap.c, recompiled and
re-installed it.
But it still not working.
Why the passchange part will not handled ?
...
(8) mschap : expand: --nt-response=%{%{mschap:NT-Response}:-00} -
On 13/06/12 10:44, Alan DeKok wrote:
CD DD wrote:
i changed the source src/modules/rlm_mschap/rlm_mschap.c, recompiled and
re-installed it.
But it still not working.
Why the passchange part will not handled ?
...
(8) mschap :expand: --nt-response=%{%{mschap:NT-Response}:-00} -
Phil Mayers wrote:
src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c:
about line 741, maybe this:
pairmove2(response, handler-request-reply-vps,
PW_MSCHAP_ERROR, 0);
...should be:
pairmove2(response, handler-request-reply-vps,
Hi Alan,
yes, i tried now the latest freeradius version from git master:
(alandekok-freeradius-server-release_2_1_7-1596-g3ce9b29.zip)
But i have still the same issue, that the password change is not handled.
I added my config files and the debug output as attachment, maybe i missed some
CD DD wrote:
yes, i tried now the latest freeradius version from git master:
(alandekok-freeradius-server-release_2_1_7-1596-g3ce9b29.zip)
Where did you get that from? Release 2.1.7? Really?
But i have still the same issue, that the password change is not handled.
I added my config files
Hi Alan,
well, i downloaded the zip file, because the server did not have git protocoll
allowed per firewall.
But i checked the git version against the zip downloaded version, and it is the
same version.
yes, i tried now the latest freeradius version from git master:
CD DD wrote:
well, i downloaded the zip file, because the server did not have git
protocoll allowed per firewall.
*Your* firewall is blocking git.
You do realize that github allows HTTP replication, right?
There's a button labelled HTTP on:
Hi Alan,
i'm sorry to bother you again.
I compiled now the GIT version (it's the same as download version), and i got
the same results.
The FR is really 3.0.0. you can see that in the debug log.
There is no differences in the results as before i did.
So what's wrong ?
I used also a cleaned
CD DD wrote:
Hi Alan,
i'm sorry to bother you again.
I compiled now the GIT version (it's the same as download version), and i
got the same results.
The FR is really 3.0.0. you can see that in the debug log.
There is no differences in the results as before i did.
So what's wrong
Hi Alan,
CD DD wrote:
Hi Alan,
i'm sorry to bother you again.
I compiled now the GIT version (it's the same as download version), and i
got the same results.
The FR is really 3.0.0. you can see that in the debug log.
There is no differences in the results as before i did.
So
On 12/06/12 17:09, CD DD wrote:
But i got from the ntlm_auth Error 691 which are send back to client.
Please post full debugging output i.e. run radiusd -X and post the
output to the list.
Better yet, gather the debug output and READ IT carefully first, to see
if you can spot the problem.
Hi Phil,
But i got from the ntlm_auth Error 691 which are send back to client.
Please post full debugging output i.e. run radiusd -X and post the
output to the list.
Better yet, gather the debug output and READ IT carefully first, to see
if you can spot the problem.
The MSCHAP password
On 06/12/2012 06:47 PM, CD DD wrote:
Exec-Program output: Must change password (0xc224)
Exec-Program-Wait: plaintext: Must change password (0xc224)
Ok. ntlm_auth is returning something different to what I saw in testing.
Have you set the must change password at next login bit, as
Hi,
regarding Amans post from Apr 5.:
Aman Arneja arneja.aman at gmail.com wrote:
Password change and retry is very much supported for Windows and Eap
for (P)eap-mschapv2. There would be some flag that needs to be set for
this after which it will work, will check what that flag is and
You are running latest version of freeradius?
You have read the inner-tunnel virtual server config file near the end? And the
MSCHAP module file near the end?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
it seems that is not possible that a user can change the password on loggon
screen in windows 7 with freeradius after it has expired, except i use a
windows IAS / NPS Server, or not ?
I debugged the RAS crap on windows side and in the Logs i have:
[3564] 04-12 12:02:33:182:
Hi Alan,
hmm, it seems not working by me.
In the Debug Log you can see, that the radius Server send the CHAP-Error to the
Supplicant. And on Windows 7 side, i got an Invalid Login but NOT a Password
Change window.
But this should Pop up with enabled passchange feature, right ?
I enabled the
CD DD wrote:
and how do i get this working ?
read raddb/mods-available/mschap
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
we would like to use freeradius server for setup port access per 802.1x on
wired LAN. The plan is to have a guest-vlan for unauthenticated supplicants and
a vlan assignment for authenticated supplicants.
We configured the freeradius Server (Version 2.1.12) to use peap/mschapv2 for
user
Yes, basically, password change operations are not supported by
Windows EAP support. Not to mention RADIUS as well.
Dave.
Quoting c_dor...@gmx.de:
Hi,
we would like to use freeradius server for setup port access per
802.1x on wired LAN. The plan is to have a guest-vlan for
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP-PEAP + Windows 7 with SSO and Password change
Yes, basically, password change operations are not supported by
Windows EAP support. Not to mention RADIUS as well.
Dave.
Quoting c_dor...@gmx.de:
Hi,
we would like to use freeradius
Aman Arneja wrote:
Password change and retry is very much supported for Windows and Eap
for (P)eap-mschapv2. There would be some flag that needs to be set for
this after which it will work, will check what that flag is and write
back in some time
The git master branch of FreeRADIUS supports
Hi Alan,
and how do i get this working ?
I installed freeradius 3.0.0 and tested it, no chance by me !
Thanks,
Alan DeKok wrote:
Aman Arneja wrote:
Password change and retry is very much supported for Windows and Eap
for (P)eap-mschapv2. There would be some flag that needs to be set for
27 matches
Mail list logo