[Bug 256283] FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
Date: Mon, 31 May 2021 07:18:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256283
Bug ID: 256283
Summary: FreeBSD-SA-21:12.libradius breaks mpd5 when using
MS-CHAPv2
Product: Base System
Version: 13.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: topical@gmx.net
This SA breaks mpd5 with MS-CHAPv2.
No workaround available but to replace libradius* with pre-SA version.
Setup: if there is a dial in server using
* mpd5
* external radius server in different jail (freeradius3)
* MS-CHAPv2 for authentication (done by freeradius3)
authentication succeeds, but mpd5 disconnects immediately because of alleged
missing MS-CHAP2-Success attributes.
Logging of mpd5 shows:
mpd[10012]: [L_l2tp] RADIUS: Authenticating user 'username'
mpd[10012]: [L_l2tp] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'username'
mpd[10012]: [L_l2tp] RADIUS: PANIC no MS-CHAP2-Success received from
server!
Checking this at freeradius3 server and packet capture show that the attribute
indeed exists but seems to be ignored by mpd5/libradius.
Replacing libradius on log in server with pre-SA version makes mpd5 work again:
mpd[96202]: [L_l2tp] RADIUS: Authenticating user 'user'
mpd[96202]: [L_l2tp] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'user'
mpd[96202]: [L_l2tp] AUTH: RADIUS returned: authenticated
mpd[96202]: [L_l2tp] CHAP: Auth return status: authenticated
mpd[96202]: [L_l2tp] CHAP: Reply message: S=XXXXXXXX
mpd[96202]: [L_l2tp] CHAP: sending SUCCESS #1 len: 46
I haven't found out which part of fix is to be blamed but this situation is
rather unpleasant (especially since mpd5 is the main application of libradius).
--
You are receiving this mail because:
You are the assignee for the bug.