Regression #12017
closed
FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
0%
Description
[[https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256283]] Bug 256283
l2tp authentication using radius is broken after the upgrade to version 2.6.0.a.20210608.0100
Logging of l2tp service shows:
l2tps 42538 [l2tp_l-1] RADIUS: Authenticating user 'username'
l2tps 42538 [l2tp_l-1] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'username'
l2tps 42538 [l2tp_l-1] RADIUS: PANIC no MS-CHAP2-Success received from server!
l2tps 42538 [l2tp_l-1] AUTH: RADIUS returned error
Updated by Jim Pingle almost 3 years ago
- Target version set to 2.6.0
- Plus Target Version set to 21.09
Updated by Jim Pingle almost 3 years ago
I am unable to reproduce this on 2.6.0.a.20210609.0100 or 2.5.2.r.20210609.0300
In either case, the authentication through RADIUS succeeded even when L2TP is set to use MSCHAPv2
Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: rec'd Configure Ack #2 (Ack-Sent) Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] ACFCOMP Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] PROTOCOMP Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] MRU 1500 Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] MAGICNUM 0x<stuff> Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] AUTHPROTO CHAP MSOFTv2 Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: state change Ack-Sent --> Opened Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: auth: peer wants nothing, I want CHAP Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: sending CHALLENGE #1 len: 21 Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: LayerUp Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: rec'd RESPONSE #1 len: 61 Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] Name: "<stuff>" Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] AUTH: Trying RADIUS Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] RADIUS: Authenticating user '<stuff>' Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user '<stuff>' Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] AUTH: RADIUS returned: authenticated Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: Auth return status: authenticated Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: Reply message: S=<stuff> Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] CHAP: sending SUCCESS #1 len: 46 Jun 9 13:42:23 donna l2tps[2560]: [l2tp_l-1] LCP: authorization successful
We should still check to be sure the errata patch made it in the tree.
Updated by Michele Rento almost 3 years ago
After several attempts I confirm that the bug is on libradius.so.4
I've replaced the library with the patched version and everything works.
Updated by Jim Pingle almost 3 years ago
- Assignee set to Luiz Souza
- Target version changed from 2.6.0 to 2.5.2
I do see the initial broken commit (83280d17fccff2db7d79c7f38e80ec29078ef35e) in 2.5.2 as well, so we need to bring in the follow-up commit (6bb5699d2b59491097bc21ffa3c097cdd4853f89) for RELENG_2_5_2 and devel-12 for 2.6.0.
Updated by Jim Pingle almost 3 years ago
- Release Notes changed from Default to Force Exclusion
Updated by Renato Botelho almost 3 years ago
Jim Pingle wrote:
I do see the initial broken commit (
83280d17fccff2db7d79c7f38e80ec29078ef35e) in 2.5.2 as well, so we need to bring in the follow-up commit (6bb5699d2b59491097bc21ffa3c097cdd4853f89) for RELENG_2_5_2 and devel-12 for 2.6.0.
I've cherry-picked 6bb5699d2b59491097bc21ffa3c097cdd4853f89 to RELENG_2_5_2. It will be brought to devel-12 on next merge from upstream stable/12
Updated by Renato Botelho almost 3 years ago
- Status changed from New to Feedback
Updated by Renato Botelho almost 3 years ago
- Status changed from Feedback to Resolved
Updated by Jim Pingle over 2 years ago
- Plus Target Version changed from 21.09 to 22.01