[RADIATOR] Suggestion for Error Message in AuthByLSA / MSCHAPv2

Heikki Vatiainen hvn at open.com.au
Tue Nov 26 03:27:00 CST 2013


On 11/22/2013 05:53 PM, Johnson, Neil M wrote:

> We are using AuthByLSA and EAP/PEAP/MSCHAPv2 for wireless authentication.
> 
> The only message we see in our AuthLog when a user is either
> non-existent or has a bad password is:
> Nov 22 03:33:13 itsnt552.iowa.uiowa.edu
> c:\Perl64\bin\radiusd[2056]: 03:33:13 | A0-F4-50-AF-8A-76 |
> Pheneghan at uiowa.edu | FAIL: EAP MSCHAP V2
> failed: no such user Pheneghan at uiowa.edu |
>  | NAS-IP 128.255.11.136
> 
> However right before the AuthLog message we get the following Trace 2
> message Logged.
> Nov 22 03:33:13 itsnt552.iowa.uiowa.edu
> c:\Perl64\bin\radiusd[2056]: Could not LogonUserNetworkMSCHAP (V2):
> 3221225581, 0, Logon failure: unknown user name or bad password.#015

Hello Neil,

the status (return) value from the logon call is 3221225581, or
0xC000006D in hex. The MS NTSTATUS list:
http://msdn.microsoft.com/en-us/library/cc704588.aspx tells:

'... bad username or authentication information.'

The substatus code in the error message is 0. If you look at the error
logs, do you see different values for status and substatus values? For
example, 0xC000006D and 0xC0000064 for 'bad username or authentication
information' and 'no such user'.

> Is there a way to differentiate between "unknown user name" and "bad
> password" in the logs?

The logon call returns just the status, and the substatus can be fetched
separately, so the two values in the log message are the only information
available. However, you may want to check if the values change based on
the real reason, such as a bad password or a non-existing user.

> It would help us track down users with misconfigured wireless devices.

Please let us know if the above helps. It may depend on the Windows
environment, so I cannot tell for sure what the status codes will tell.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


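The reply suggests checking whether the status/substatus pair in the Trace 2 line changes with the real failure reason. The script below is an added example for this thread, not Radiator's own code: it parses that log line format (the layout is assumed from the single line quoted above; the sample log lines are constructed, and the hostname, PID and NAS values in them are made up), converts the decimal status and substatus to hex NTSTATUS values, names them using the values from the MS NTSTATUS list the reply links to, and reduces the pair to an operator-facing reason. Substatus 0 is handled explicitly, since that is what the quoted line shows and it does not separate "no such user" from "wrong password". One caveat worth keeping in mind when acting on this: the distinction belongs in the server-side log only, because a RADIUS reply or an EAP failure message that differs for an unknown user versus a bad password lets a client enumerate valid accounts.

```python
"""Decode the NTSTATUS status/substatus pair that Radiator's AuthByLSA logs
when LogonUserNetworkMSCHAP fails.

Added example for this thread, not Radiator code. The log-line layout is
assumed from the one Trace 2 line quoted in the thread; the sample lines
below are constructed.
"""
import re
from collections import Counter

# NTSTATUS values as published in the MS NTSTATUS list linked in the reply.
NTSTATUS_NAMES = {
    0xC000006D: "STATUS_LOGON_FAILURE",       # bad username or authentication information
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006E: "STATUS_ACCOUNT_RESTRICTION",
    0xC000006F: "STATUS_INVALID_LOGON_HOURS",
    0xC0000070: "STATUS_INVALID_WORKSTATION",
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000224: "STATUS_PASSWORD_MUST_CHANGE",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
STATUS_LOGON_FAILURE = 0xC000006D
STATUS_NO_SUCH_USER = 0xC0000064
STATUS_WRONG_PASSWORD = 0xC000006A

# Assumed layout of the Trace 2 line: "<prefix>: Could not
# LogonUserNetworkMSCHAP (V2): <status>, <substatus>, <message>" with an
# optional syslog-escaped trailing CR ("#015").
LOGON_RE = re.compile(
    r"Could not LogonUserNetworkMSCHAP \((?P<ver>[^)]*)\): "
    r"(?P<status>\d+), (?P<substatus>\d+), (?P<msg>.*?)(?:#015)?\s*$"
)


def ntstatus_name(code: int) -> str:
    """Symbolic name for a 32-bit NTSTATUS, or its hex form if unknown."""
    return NTSTATUS_NAMES.get(code, "0x%08X" % code)


def is_ntstatus_error(code: int) -> bool:
    """NTSTATUS severity lives in the top two bits; 0b11 is STATUS_SEVERITY_ERROR."""
    return (code >> 30) == 0b11


def classify(status: int, substatus: int) -> str:
    """Reduce the (status, substatus) pair to the reason an operator cares about."""
    if substatus == STATUS_NO_SUCH_USER:
        return "unknown user name"
    if substatus == STATUS_WRONG_PASSWORD:
        return "bad password"
    if substatus != 0:
        return ntstatus_name(substatus)
    if status == STATUS_LOGON_FAILURE:
        # Substatus 0, as in the quoted log line: the generic failure alone
        # does not tell the two cases apart.
        return "unknown user name or bad password (not distinguished)"
    return ntstatus_name(status)


def parse_logon_failure(line: str):
    """Return a decoded record for a LogonUserNetworkMSCHAP failure line, else None."""
    m = LOGON_RE.search(line)
    if not m:
        return None
    status = int(m.group("status"))
    substatus = int(m.group("substatus"))
    return {
        "version": m.group("ver"),
        "status": status,
        "status_hex": "0x%08X" % status,
        "status_name": ntstatus_name(status),
        "substatus": substatus,
        "substatus_hex": "0x%08X" % substatus,
        "substatus_name": ntstatus_name(substatus) if substatus else "none",
        "reason": classify(status, substatus),
        "message": m.group("msg").strip(),
    }


def summarize(lines):
    """Count failure reasons across a log, ignoring unrelated lines."""
    counts = Counter()
    for line in lines:
        rec = parse_logon_failure(line)
        if rec is not None:
            counts[rec["reason"]] += 1
    return dict(counts)


# Constructed sample log; the first line mirrors the values quoted in the thread
# (3221225581 == 0xC000006D, substatus 0), the others show what distinct
# substatus values would decode to if the environment populates them.
SAMPLE_LOG = [
    r"Nov 22 03:33:13 radius1.example.net c:\Perl64\bin\radiusd[2056]: Could not LogonUserNetworkMSCHAP (V2): 3221225581, 0, Logon failure: unknown user name or bad password.#015",
    r"Nov 22 03:34:02 radius1.example.net c:\Perl64\bin\radiusd[2056]: Could not LogonUserNetworkMSCHAP (V2): 3221225581, 3221225572, Logon failure: unknown user name or bad password.",
    r"Nov 22 03:35:41 radius1.example.net c:\Perl64\bin\radiusd[2056]: Could not LogonUserNetworkMSCHAP (V2): 3221225581, 3221225578, Logon failure: unknown user name or bad password.",
    r"Nov 22 03:36:10 radius1.example.net c:\Perl64\bin\radiusd[2056]: Could not LogonUserNetworkMSCHAP (V2): 3221225581, 3221225586, Logon failure: account currently disabled.",
    r"Nov 22 03:36:10 radius1.example.net c:\Perl64\bin\radiusd[2056]: 03:36:10 | A0-F4-50-AF-8A-76 | user at example.net | FAIL: EAP MSCHAP V2 failed: no such user user at example.net | | NAS-IP 192.0.2.10",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_logon_failure(line)
        if rec:
            print("%s / %s -> %s" % (rec["status_name"], rec["substatus_name"], rec["reason"]))
    print(summarize(SAMPLE_LOG))
```

Run against the real Trace 2 output: if every failure decodes to the "not distinguished" bucket, the substatus is not being populated in that environment and the AuthLog will not be able to separate the two cases either; if distinct substatus values appear, the `reason` field gives the split the original question asked for.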