NPS server does not return Challenge in MS-CHAP-v2 failure packet

FelixHF

I needed a reference implementation of MS-CHAP-v2 "Successful authentication with password change" scenario (RFC 2759, Section 9.1.6), so I looked at Microsoft NPS server.

In my test I connected NPS to an Active Directory, which contained a user with an expired password, and I used RRAS server and a VPN connection from a Windows 7 client to simulate an authentication (Win 7 <--> RRAS <-- RADIUS MS-CHAP-v2 --> NPS <--> AD). NPS returned a failure packet ACCESS_REJECT with the following message: "E=648 R=0 V=3", but no "C=...". RFC 2759 says challenge must be present in the Failure Packet and it must be used in the subsequent message to the server. Also "V=3" indicates it is MS-CHAP-v2.

On the other hand, Challenge is optional in MS-CHAP RFC 2433, but then "V" must be set to "2", which is not my case.

Nevertheless, RRAS completed the password change procedure successfully. So I have the following questions:

- which challenge was used by RRAS in the second request to NPS?
- which RFC describes this flow?
- why was there no challenge/message in the ACCESS_REJECT?

Thank you.
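As an added example (not part of the original post, and not NPS or RRAS code), the following Python checker parses the Failure packet text defined in RFC 2759 section 6 and flags the condition described above: a V=3 packet with no C= challenge. The compliant sample message in the test is constructed; the error code names are those listed in RFC 2759.

```python
import re

# Error codes listed in RFC 2759, section 6 (Failure Packet)
ERROR_CODES = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

# Fixed fields: E (decimal), R (0/1), C (hex), V (decimal); M= is free text
_FIELD_RE = re.compile(r"\b([ERCV])=([0-9A-Fa-f]+)")


def parse_failure_message(text):
    """Parse 'E=... R=r C=... V=v M=msg'; absent fields come back as None."""
    head, sep, free_text = text.partition(" M=")
    raw = dict(_FIELD_RE.findall(head))
    challenge = raw.get("C")
    return {
        "error": int(raw["E"]) if raw.get("E", "").isdigit() else None,
        "retry": raw.get("R") == "1",
        # C is the hex encoding of the new challenge the peer must use next
        "challenge": bytes.fromhex(challenge) if challenge else None,
        "version": int(raw["V"]) if raw.get("V", "").isdigit() else None,
        "message": free_text if sep else None,
    }


def check_failure_message(text):
    """Return (parsed_fields, problems) for the body of a Failure packet."""
    f = parse_failure_message(text)
    problems = []
    if f["error"] is None:
        problems.append("missing E= error code")
    elif f["error"] not in ERROR_CODES:
        problems.append("unknown error code %d" % f["error"])
    if f["version"] == 3:
        # MS-CHAP-V2 (RFC 2759): the 16-octet challenge is mandatory and the
        # peer's Change-Password packet must be computed against it
        if f["challenge"] is None:
            problems.append("V=3 but no C= challenge: peer cannot build a "
                            "compliant Change-Password response")
        elif len(f["challenge"]) != 16:
            problems.append("challenge is %d octets, expected 16"
                            % len(f["challenge"]))
    return f, problems
```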
