CD DD wrote:
> The windows client get now the password change Window.
>
> But i still have one issue:
> the new passphrase will not changed.
>
> I got: MS-CHAP-NT-Enc-PW with invalid format
It's another VENDORPEC_MICROSOFT issue.
See the following commit on github:
https://github.com/aland
Hi Phil,
> src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c:
>
> about line 741, maybe this:
>
>pairmove2(&response, &handler->request->reply->vps,
> PW_MSCHAP_ERROR, 0);
>
> ...should be:
>
>pairmove2(&response, &handler->request->reply->vps,
> PW_M
Phil Mayers wrote:
> src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c:
>
> about line 741, maybe this:
>
>pairmove2(&response, &handler->request->reply->vps,
> PW_MSCHAP_ERROR, 0);
>
> ...should be:
>
>pairmove2(&response, &handler->request->reply->vps,
>
On 13/06/12 10:44, Alan DeKok wrote:
CD DD wrote:
i changed the source src/modules/rlm_mschap/rlm_mschap.c, recompiled and
re-installed it.
But it still not working.
Why the passchange part will not handled ?
...
(8) mschap :expand: --nt-response=%{%{mschap:NT-Response}:-00} ->
--nt-re
CD DD wrote:
> i changed the source src/modules/rlm_mschap/rlm_mschap.c, recompiled and
> re-installed it.
>
> But it still not working.
> Why the passchange part will not handled ?
...
> (8) mschap : expand: --nt-response=%{%{mschap:NT-Response}:-00} ->
> --nt-response=e3426708aea6af13c9ba6ca
Hi Phil, Alan,
>Ok. ntlm_auth is returning something different to what I saw in testing.
>Have you set the "must change password at next login" bit, as opposed to
>"expired" bit?
>
>Try this:
>
> 1. Edit src/modules/rlm_mschap/rlm_mschap.c about line 1100, where it
>says:
>
> if (strstr(buff
CD DD wrote:
>> The MSCHAP password change code looks for the string "Password expired"
>> in the output of the ntlm_auth command. If your ntlm_auth is printing
>> something different, it'll just assume it's a regular failure.
>
> Sure, here are the Debug output:
Which doesn't contain the st
On 06/12/2012 06:47 PM, CD DD wrote:
Exec-Program output: Must change password (0xc224)
Exec-Program-Wait: plaintext: Must change password (0xc224)
Ok. ntlm_auth is returning something different to what I saw in testing.
Have you set the "must change password at next login" bit, as op
Hi Phil,
>> But i got from the ntlm_auth Error 691 which are send back to client.
>
>Please post full debugging output i.e. run "radiusd -X" and post the
>output to the list.
>
>Better yet, gather the debug output and READ IT carefully first, to see
>if you can spot the problem.
>
>The MSCHAP
On 12/06/12 17:09, CD DD wrote:
But i got from the ntlm_auth Error 691 which are send back to client.
Please post full debugging output i.e. run "radiusd -X" and post the
output to the list.
Better yet, gather the debug output and READ IT carefully first, to see
if you can spot the problem
Hi Alan,
>CD DD wrote:
>> Hi Alan,
>>
>>
>> i'm sorry to bother you again.
>>
>> I compiled now the "GIT" version (it's the same as download version), >and i
>> got the same results.
>>
>> The FR is really 3.0.0. you can see that in the debug log.
>> There is no differences in the results as
CD DD wrote:
> Hi Alan,
>
>
> i'm sorry to bother you again.
>
> I compiled now the "GIT" version (it's the same as download version), and i
> got the same results.
>
> The FR is really 3.0.0. you can see that in the debug log.
> There is no differences in the results as before i did.
>
> So
Hi Alan,
i'm sorry to bother you again.
I compiled now the "GIT" version (it's the same as download version), and i got
the same results.
The FR is really 3.0.0. you can see that in the debug log.
There is no differences in the results as before i did.
So what's wrong ?
I used also a cleaned
CD DD wrote:
> well, i downloaded the zip file, because the server did not have git
> protocoll allowed per firewall.
*Your* firewall is blocking git.
You do realize that github allows HTTP replication, right?
There's a button labelled "HTTP" on:
https://github.com/alandekok/freeradius-s
Hi Alan,
well, i downloaded the zip file, because the server did not have git protocoll
allowed per firewall.
But i checked the git version against the zip downloaded version, and it is the
same version.
>> yes, i tried now the latest freeradius version from git master:
>> (alandekok-freeradi
CD DD wrote:
> yes, i tried now the latest freeradius version from git master:
> (alandekok-freeradius-server-release_2_1_7-1596-g3ce9b29.zip)
Where did you get that from? Release 2.1.7? Really?
> But i have still the same issue, that the password change is not handled.
> I added my config fi
Hi Alan,
yes, i tried now the latest freeradius version from git master:
(alandekok-freeradius-server-release_2_1_7-1596-g3ce9b29.zip)
But i have still the same issue, that the password change is not handled.
I added my config files and the debug output as attachment, maybe i missed some
parame
You are running latest version of freeradius?
You have read the inner-tunnel virtual server config file near the end? And the
MSCHAP module file near the end?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
it seems that is not possible that a user can change the password on loggon
screen in windows 7 with freeradius after it has expired, except i use a
windows IAS / NPS Server, or not ?
I debugged the RAS crap on windows side and in the Logs i have:
[3564] 04-12 12:02:33:182: EapChapBeginMS
Hi Alan,
hmm, it seems not working by me.
In the Debug Log you can see, that the radius Server send the CHAP-Error to the
Supplicant. And on Windows 7 side, i got an Invalid Login but NOT a Password
Change window.
But this should Pop up with enabled passchange feature, right ?
I enabled the p
CD DD wrote:
> and how do i get this working ?
read raddb/mods-available/mschap
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Alan,
and how do i get this working ?
I installed freeradius 3.0.0 and tested it, no chance by me !
Thanks,
Alan DeKok wrote:
>Aman Arneja wrote:
>> Password change and retry is very much supported for Windows and Eap
>> for (P)eap-mschapv2. There would be some flag that needs to be set
Aman Arneja wrote:
> Password change and retry is very much supported for Windows and Eap
> for (P)eap-mschapv2. There would be some flag that needs to be set for
> this after which it will work, will check what that flag is and write
> back in some time
The git "master" branch of FreeRADIUS sup
To: freeradius-users@lists.freeradius.org
Subject: Re: EAP-PEAP + Windows 7 with SSO and Password change
Yes, basically, password change operations are not supported by
Windows EAP support. Not to mention RADIUS as well.
Dave.
Quoting c_dor...@gmx.de:
> Hi,
>
>
> we would like to us
Yes, basically, password change operations are not supported by
Windows EAP support. Not to mention RADIUS as well.
Dave.
Quoting c_dor...@gmx.de:
Hi,
we would like to use freeradius server for setup port access per
802.1x on wired LAN. The plan is to have a guest-vlan for
unauthenti
25 matches
Mail list logo