#StackBounty: #vmware-esxi #dell-poweredge #firmware Dell R510 can't access Lifecycle controller

Bounty: 50

NB: I’ve checked How to upgrade iDRAC firmware and BIOS of Dell PowerEdge R510? — they are much further along in that they have LifeCycle controller working and just had an issue with the filetype.

I’m having a tough time trying to update the BIOS firmware and other ancient drivers/software on my Dell PowerEdge R510. It seems like the most straightforward way to do it would be to use the LifeCycle Controller, point it to ftp.dell.com and handle it from there. Problem is, I don’t seem to have LCC installed (even though SUU says it is installed). When I boot into System Services via F10, I am launched into the UEFI Unified Server Configurator. In there, my only options are Home, OS Deployment, Hardware Diagnostics, USC Settings (set IP address), and About. OS Deployment is the only option that says anything about drivers, but when I try to load from ftp.dell.com and hit Next, it just refreshes back to the same page with no further progress. If I opt to save locally, I always get an error that the USB drive is too small (even with an empty 16GB drive).

Unified Server configurator doesn't have platform options or LifeCycle Controller

Failing at ftp.dell.com

So I downloaded and installed Dell Repository Manager, thinking I might be able to use that with SUU; but after installing, I don’t have an option to add bundles/create repos for the R510 (it jumps from R440 to R520). Even so, I tried adding my own BIOS .exe bundles, and I always get the error "0 of n DUPs installed".
The server is running ESXi 5.1 (yes, it’s old; this is why I’m trying to update the firmware so I can update the OS). I also tried scp’ing the LifeCycle Controller BIN to the host and running it there, but was met with:

 /tmp # ./Lifecycle-Controller_Legacy_Application_0WFGM_LN_1.7.5.4_A00.BIN
Dell Update Package 14.11.201 (BLD_248)press RETURN)
Copyright (c) 2015 Dell, Inc. All Rights Reserved.
Release Title:
Dell LifeCycle Controller v1.7.5, 1.7.5.4, A00

Release Date:
April 24, 2015

Default Log File Name:
0WFGMA00

Reboot Required:
No

Supported System(s):
Equallogic DX6012S
Equallogic DX6000
Equallogic DX6004S
Equallogic DX6000G
Equallogic FS7500
PowerVault DL2100
PowerVault NX3500
PowerVault DL2200
PowerVault NX300'less', press 'q' to continue DUP exec; lines 1-23/104 11%
PowerVault NX3100less', press 'q' to continue DUP exec; lines 2-24/104 11%
Collecting inventory.................................................................................................................................................................................................................................................................................................................
Inventory Failure: Unified Server Configurator Failure - Detach USC failure - Detaching a partition has failed

It also seems to say in various places that iDRAC is running, but I can’t access it from any web browser or shell. I ran nmap on the IP address and it never finds any services listening (this is the IP address set in BMIC).

Any ideas on what I might be doing wrong? Or is there an easier way to go about updating this firmware? Since it’s running ESXi, can I just scp over the BIN files and run those?


Get this bounty!!!

#StackBounty: #cc.complexity-theory #graph-theory #sat #counting-complexity #planar-graphs Disproving $\oplus$ETH by reducing $\oplus k…

Bounty: 100

In this question and its answer, they discuss reducing CNF-SAT with $n$ variables and $m$ clauses to a (problem on a) planar graph $G=(V,E)$ with $|V|$ as small as possible. It is said that the best known reduction has $|V| = m^2$, and that if a better reduction with $|V| \in o(m^2)$ is found, that would refute ETH.


There is a reduction from $\oplus k$-SAT with $n$ variables and $m$ clauses to $\oplus$VERTEX COVER where the output graph $G=(V,E)$ is planar and has $|V| = 51(k+1)nm$. Such a reduction clearly meets the $|V| \in o(m^2)$ requirement when $k$ is a constant and $m$ is superlinear in $n$.


Question
Can the same line of reasoning made within the linked question be applied here in order to refute $\oplus$ETH, or am I missing some important detail?


Get this bounty!!!

#StackBounty: #machine-learning #python #pyspark #lime 'TabularLIME' is not defined Azure DataBricks

Bounty: 50

I have just started working on Azure Databricks.

I am facing an error while running an already created Python notebook.

Here is the code:

import mmlspark
from mmlspark import *

lime = (TabularLIME()
        .setModel(randomForestModel)
        .setPredictionCol("predict")
        .setOutputCol("weights")
        .setInputCol("feat"))
lime_model = lime.fit(eng_train_pipe)
lime_model.save('dbfs:/mnt/aimodels/rf-eng-lag-lime')

Getting this error:

NameError                                 Traceback (most recent call last)
<command-2244283784192060> in <module>
      2 from mmlspark import *
      3 
----> 4 lime = TabularLIME()
      5   .setModel(rfModel)
      6   .setPredictionCol("prediction")

NameError: name 'TabularLIME' is not defined


Get this bounty!!!

#StackBounty: #linux #nfs Embedded NFS server doesn't support ver=2, but supports 1,3 – is this possible?

Bounty: 100

My 2.6.37 Linux from MontaVista has NFS modules compiled. I start them sequentially as:

rpcbind
rpc.nfsd 4
rpc.mountd
rpc.statd

with default config files and etab as:

/mnt/sda1 192.168.50.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,fsid=1,anonuid=65534,anongid=65534)

Everything works fine with my FC32 as a client:

[root@leonp mnt]# mount -v 192.168.1.1:/mnt/sda1/ srv
mount.nfs: timeout set for Mon Aug  3 16:04:08 2020
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.1.1,clientaddr=192.168.1.57'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=192.168.1.1,clientaddr=192.168.1.57'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4,addr=192.168.1.1,clientaddr=192.168.1.57'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=192.168.1.1'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.1.1 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.1.1 prog 100005 vers 3 prot UDP port 39445
[root@leonp mnt]#

The problem starts when I try to connect with the client which supports NFSv2 only. So to test from PC:

[root@leonp mnt]# mount -vvv -o vers=2 192.168.1.1:/mnt/sda1/ srv
mount.nfs: timeout set for Mon Aug  3 13:50:14 2020
mount.nfs: trying text-based options 'vers=2,addr=192.168.1.1'
mount.nfs: prog 100003, trying vers=2, prot=6
mount.nfs: trying 192.168.1.1 prog 100003 vers 2 prot TCP port 2049
mount.nfs: prog 100005, trying vers=1, prot=17
mount.nfs: trying 192.168.1.1 prog 100005 vers 1 prot UDP port 36357
mount.nfs: mount(2): Protocol not supported
mount.nfs: Protocol not supported

Why is this? I checked:

[root@leonp mnt]# rpcinfo 192.168.1.1 
   program version netid     address                service    owner
    100000    4    tcp       0.0.0.0.0.111          portmapper superuser
    100000    3    tcp       0.0.0.0.0.111          portmapper superuser
    100000    2    tcp       0.0.0.0.0.111          portmapper superuser
    100000    4    udp       0.0.0.0.0.111          portmapper superuser
    100000    3    udp       0.0.0.0.0.111          portmapper superuser
    100000    2    udp       0.0.0.0.0.111          portmapper superuser
    100000    4    local     /var/run/rpcbind.sock  portmapper superuser
    100000    3    local     /var/run/rpcbind.sock  portmapper superuser
    100003    2    tcp       0.0.0.0.8.1            nfs        unknown
    100003    3    tcp       0.0.0.0.8.1            nfs        unknown
    100003    2    udp       0.0.0.0.8.1            nfs        unknown
    100003    3    udp       0.0.0.0.8.1            nfs        unknown
    100021    1    udp       0.0.0.0.148.56         nlockmgr   unknown
    100021    3    udp       0.0.0.0.148.56         nlockmgr   unknown
    100021    4    udp       0.0.0.0.148.56         nlockmgr   unknown
    100021    1    tcp       0.0.0.0.228.206        nlockmgr   unknown
    100021    3    tcp       0.0.0.0.228.206        nlockmgr   unknown
    100021    4    tcp       0.0.0.0.228.206        nlockmgr   unknown
    100005    1    udp       0.0.0.0.142.5          mountd     superuser
    100005    1    tcp       0.0.0.0.130.95         mountd     superuser
    100005    2    udp       0.0.0.0.218.108        mountd     superuser
    100005    2    tcp       0.0.0.0.174.251        mountd     superuser
    100005    3    udp       0.0.0.0.154.21         mountd     superuser
    100005    3    tcp       0.0.0.0.132.150        mountd     superuser

The only one that does not support v2 is nlockmgr – can that be the cause of the mount refusal?
To test this I tried stopping nlockmgr – no success. I tried to block it in /etc/rpc by commenting out 100021 – no success.

UPDATE:

# rpc.nfsd -d
rpc.nfsd: Checking netconfig for visible protocols.
rpc.nfsd: Enabling inet udp.
rpc.nfsd: Enabling inet tcp.
rpc.nfsd: knfsd is currently down
rpc.nfsd: Writing version string to kernel: +4.1 +2 +3 +4

# cat /proc/fs/nfsd/versions
+2 +3
============

Any help will be highly appreciated.


Get this bounty!!!
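As an added example (editor's code, not part of the post above), the following Python reads an rpcinfo table and an exports/etab line of the form shown in the post and reports which NFS and MOUNT versions the server actually registers with rpcbind, plus the export options that widen exposure. RPCINFO_SAMPLE and ETAB_LINE are constructed from the post's own output; the NFS-to-MOUNT version pairing (v2 with MOUNT v1, v3 with MOUNT v3) is the one the post's `mount -v` lines show mount.nfs trying.

```python
import re

# Added example, not from the original post. It reads an rpcinfo table of the
# form shown above and an exports/etab line, reporting which NFS and mountd
# versions the server advertises and which export options widen exposure.
# RPCINFO_SAMPLE and ETAB_LINE are constructed from the post's own output.

RPCINFO_SAMPLE = """\
   program version netid     address                service    owner
    100000    4    tcp       0.0.0.0.0.111          portmapper superuser
    100003    2    tcp       0.0.0.0.8.1            nfs        unknown
    100003    3    tcp       0.0.0.0.8.1            nfs        unknown
    100003    2    udp       0.0.0.0.8.1            nfs        unknown
    100003    3    udp       0.0.0.0.8.1            nfs        unknown
    100021    1    udp       0.0.0.0.148.56         nlockmgr   unknown
    100021    3    udp       0.0.0.0.148.56         nlockmgr   unknown
    100021    4    udp       0.0.0.0.148.56         nlockmgr   unknown
    100005    1    udp       0.0.0.0.142.5          mountd     superuser
    100005    2    udp       0.0.0.0.218.108        mountd     superuser
    100005    3    udp       0.0.0.0.154.21         mountd     superuser
"""

ETAB_LINE = ("/mnt/sda1 192.168.50.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,"
             "no_all_squash,no_subtree_check,secure_locks,acl,fsid=1,anonuid=65534,anongid=65534)")

# mount.nfs pairs NFS v2 with MOUNT v1 and NFS v3 with MOUNT v3 (visible in the post's -v output)
MOUNTD_VERSION_FOR_NFS = {2: 1, 3: 3}


def universal_addr_to_port(uaddr: str) -> int:
    """rpcinfo prints RPC universal addresses a.b.c.d.hi.lo; the port is hi*256 + lo."""
    hi, lo = uaddr.split(".")[-2:]
    return int(hi) * 256 + int(lo)


def advertised_versions(rpcinfo_text: str) -> dict:
    """Parse `rpcinfo <host>` output into {service: {netid: [versions]}}."""
    table = {}
    for line in rpcinfo_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].isdigit():
            continue  # header or blank line
        _program, version, netid, _address, service, _owner = fields
        table.setdefault(service, {}).setdefault(netid, set()).add(int(version))
    return {svc: {netid: sorted(v) for netid, v in nets.items()} for svc, nets in table.items()}


def server_offers_mount(table: dict, nfs_version: int, netid: str = "tcp") -> bool:
    """True when the NFS program and the MOUNT version a client pairs with it are both registered."""
    nfs_ok = nfs_version in table.get("nfs", {}).get(netid, [])
    mountd_needed = MOUNTD_VERSION_FOR_NFS.get(nfs_version)
    mountd_ok = any(mountd_needed in versions for versions in table.get("mountd", {}).values())
    return nfs_ok and mountd_ok


def parse_exports_line(line: str) -> list:
    """'/path client(opts) client2(opts)' -> [(path, client, [opts])]."""
    path, _, rest = line.strip().partition(" ")
    return [(path, m.group(1), m.group(2).split(",")) for m in re.finditer(r"(\S+?)\((.*?)\)", rest)]


def audit_export(line: str) -> list:
    """Return (client, finding) pairs for options that widen exposure on an export."""
    findings = []
    for _path, client, opts in parse_exports_line(line):
        if "no_root_squash" in opts:
            findings.append((client, "no_root_squash"))  # remote uid 0 stays uid 0 on the export
        if "insecure" in opts:
            findings.append((client, "insecure"))        # requests accepted from ports above 1023
        if client == "*" or client.startswith("*.") or client.endswith("/0"):
            findings.append((client, "broad_client"))    # effectively world-mountable
        if not any(o.startswith("sec=") and "krb5" in o for o in opts):
            findings.append((client, "auth_sys"))        # uid/gid asserted by the client, not verified
    return findings
```

Run `advertised_versions` on real `rpcinfo <host>` output before touching the server config: for the table in the post it returns nfs v2 and v3 on both tcp and udp and mountd v1, v2 and v3, so `server_offers_mount(table, 2)` is true for the advertised registrations, and the `-v` output shows the vers=2 attempt failing at `mount(2)` only after both portmap lookups had already succeeded. `audit_export` on the etab line flags `no_root_squash` and the absence of any `sec=krb5*` option, which is what makes a /24 export trust whatever uid a client asserts.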


#StackBounty: #pdf Why isn't the 'Map Colors' fixup changing text colors?

Bounty: 50

I saw this question somewhere, I think Reddit, but I can’t find it. I have the same issue.
Please see the screenshot beneath. I’ve uploaded the PDF to mega.nz I’m using Adobe Acrobat Pro DC Version 2019.010.20064.

I’m trying to convert the book’s default (C, M, Y, K) = (99%, 98%, 18%, 6%) (ie dark purple) to (90, 0, 90, 0) (green). After I click ‘OK’ and click ‘Fix’, Adobe Acrobat executes the fixup, but the color fails to change. Why?



Get this bounty!!!

#StackBounty: #windows #radius #ikev2 #eap EAP / MSCHAPv2 authentications fails (only) on Windows with custom authenticator

Bounty: 100

I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux.

I am running: StrongSwan 5.4.0 with eap-radius plugin

Currently, we use FreeRadius to speak EAP-MSCHAPv2 with various client platforms (Windows, Mac, Linux). Due to some limitations, we need to implement our own RADIUS-speaking EAP-MSCHAPv2 server to replace FreeRadius. I won't go into details as to why this is needed (but I will say that it is required), but I am running into an issue that I can’t seem to figure out.

Following the RFC specs for the RADIUS protocol, as well as the EAP and MSCHAPv2 protocols, I have created a POC server that authenticates clients. The implementation works for all Mac OS X clients, Android clients (using the strongSwan app), and Linux clients.

The issues start with Windows clients (tested Windows 10 + 7). For some reason, the Windows client errors out with code 691, which is a generic error that implies either a wrong username/password, or wrong authentication protocol.

I have confirmed in numerous ways that my EAP-MSCHAPv2 implementation follows the RFC specs:

MSCHAPv2 RFC: https://tools.ietf.org/html/rfc2759

At the bottom of that RFC, there are example data sets. When I use the username and password in those examples, my code generates the correct output:

INPUTS:
AuthenticatorChallenge = 5B5D7C7D7B3F2F3E3C2C602132262628
PeerChallenge = 21402324255E262A28295F2B3A337C7E
username = "User"
password = "clientPass"

OUTPUT:
8-octet Challenge: = D02E4386BCE91226
24-octet NT-Response: 82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF
42-octet AuthenticatorResponse: S=407A5589115FD0D6209F510FE9C04566932CDA56

This validates that my implementation is following the RFC spec for the data that should be calculated during the MSCHAPv2 portions of the EAP conversation. This is also confirmed by the fact that Mac, Android and Linux clients authenticate successfully.

This leads me to believe that the Windows error is related to the packet format, and not the underlying values being generated by my code. To that end, I enabled full debug logging in StrongSwan and pointed the authentication back to FreeRadius, so that I could log a successful authentication conversation with FreeRadius, then compare the packets with my own POC.

The following is a successful Windows EAP conversation with FreeRadius:

  1. EAP Identity + Challenge Response
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1> sending RADIUS Access-Request to server '127.0.0.1'
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1> => 168 bytes @ 0x7f55f00014b0
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>    0: 01 F6 00 A8 73 40 3E 5D A8 2A 50 21 53 8E FE 52  ....s@>].*P!S..R
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>   16: 0F 14 D1 8E 01 12 72 34 32 6D 33 6E 63 76 2D 65  ......r42m3ncv-e
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>   32: 38 77 66 70 67 33 3D 06 00 00 00 05 06 06 00 00  8wfpg3=.........
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>   48: 00 02 05 06 00 00 00 01 57 10 69 6B 65 76 32 2D  ........W.ikev2-
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>   64: 6D 73 63 68 61 70 76 32 04 06 C4 34 2E 23 1E 0E  mschapv2...4.#..
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>   80: 31 39 36 2E 35 32 2E 34 36 2E 33 35 1F 10 36 36  196.52.46.35..66
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>   96: 2E 32 30 37 2E 32 30 38 2E 32 32 36 4F 17 02 00  .207.208.226O...
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>  112: 00 15 01 72 34 32 6D 33 6E 63 76 2D 65 38 77 66  ...r42m3ncv-e8wf
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>  128: 70 67 33 20 13 63 61 2D 30 30 31 5F 73 74 72 6F  pg3 .ca-001_stro
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>  144: 6E 67 73 77 61 6E 50 12 E1 CD BD 37 42 F0 6C BE  ngswanP....7B.l.
Jul 30 01:02:38 87[CFG] <ikev2-mschapv2|1>  160: 64 AB BD F6 19 B6 9A A6                          d.......
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1> received RADIUS Access-Challenge from server '127.0.0.1'
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1> => 112 bytes @ 0x7f55f0000de0
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1>    0: 0B F6 00 70 ED 7D 83 2C AF 6E 81 05 ED E7 73 43  ...p.}.,.n....sC
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1>   16: 60 19 76 B7 1A 0C 00 00 01 37 1C 06 0A FF FF 03  `.v......7......
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1>   32: 4F 2C 01 01 00 2A 1A 01 01 00 25 10 FC 80 3D 84  O,...*....%...=.
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1>   48: 7A A0 ED DC FF E3 CB 7C C3 07 62 FC 72 34 32 6D  z......|..b.r42m
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1>   64: 33 6E 63 76 2D 65 38 77 66 70 67 33 50 12 63 4F  3ncv-e8wfpg3P.cO
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1>   80: 24 0B F0 D1 B3 09 7B 74 40 5C DF FC FB CC 18 12  $.....{t@......
Jul 30 01:02:39 87[CFG] <ikev2-mschapv2|1>   96: 01 A0 90 AE 01 A1 8A DA 3E A1 21 17 0E 05 88 2C  ........>.!....,
Jul 30 01:02:39 87[IKE] <ikev2-mschapv2|1> EAP_MSCHAPV2 payload => 42 bytes @ 0x7f55f0000ee0
Jul 30 01:02:39 87[IKE] <ikev2-mschapv2|1>    0: 01 01 00 2A 1A 01 01 00 25 10 FC 80 3D 84 7A A0  ...*....%...=.z.
Jul 30 01:02:39 87[IKE] <ikev2-mschapv2|1>   16: ED DC FF E3 CB 7C C3 07 62 FC 72 34 32 6D 33 6E  .....|..b.r42m3n
Jul 30 01:02:39 87[IKE] <ikev2-mschapv2|1>   32: 63 76 2D 65 38 77 66 70 67 33                    cv-e8wfpg3
Jul 30 01:02:39 87[IKE] <ikev2-mschapv2|1> initiating EAP_MSCHAPV2 method (id 0x01)
  2. EAP Request Packet + Success Packet (Access-Challenge) Response:
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1> sending RADIUS Access-Request to server '127.0.0.1'
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1> => 240 bytes @ 0x7f5618001570
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>    0: 01 F7 00 F0 8A 5D 27 E3 01 D1 65 4C 07 7B CC 4A  .....]'...eL.{.J
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   16: 41 12 87 95 01 12 72 34 32 6D 33 6E 63 76 2D 65  A.....r42m3ncv-e
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   32: 38 77 66 70 67 33 3D 06 00 00 00 05 06 06 00 00  8wfpg3=.........
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   48: 00 02 05 06 00 00 00 01 57 10 69 6B 65 76 32 2D  ........W.ikev2-
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   64: 6D 73 63 68 61 70 76 32 04 06 C4 34 2E 23 1E 0E  mschapv2...4.#..
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   80: 31 39 36 2E 35 32 2E 34 36 2E 33 35 1F 10 36 36  196.52.46.35..66
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   96: 2E 32 30 37 2E 32 30 38 2E 32 32 36 4F 4D 02 01  .207.208.226OM..
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  112: 00 4B 1A 02 01 00 46 31 7F D3 69 D7 24 FB 6A 9E  .K....F1..i.$.j.
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  128: 22 39 C7 3F B0 43 94 3C 00 00 00 00 00 00 00 00  "9.?.C.<........
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  144: 76 E7 D7 C3 6B 69 85 B0 1F 7E EF 8D 11 C6 78 28  v...ki...~....x(
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  160: D3 F4 78 04 40 BD BD 39 00 72 34 32 6D 33 6E 63  ..x.@..9.r42m3nc
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  176: 76 2D 65 38 77 66 70 67 33 20 13 63 61 2D 30 30  v-e8wfpg3 .ca-00
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  192: 31 5F 73 74 72 6F 6E 67 73 77 61 6E 18 12 01 A0  1_strongswan....
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  208: 90 AE 01 A1 8A DA 3E A1 21 17 0E 05 88 2C 50 12  ......>.!....,P.
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  224: 73 4F EF F8 F6 08 B9 31 DA FC 35 25 0F CF 00 30  sO.....1..5%...0
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1> received RADIUS Access-Challenge from server '127.0.0.1'
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1> => 121 bytes @ 0x7f5618001160
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>    0: 0B F7 00 79 F6 E1 7C CC C5 C7 FA 31 F7 9A 68 45  ...y..|....1..hE
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   16: 71 6A D6 A9 1A 0C 00 00 01 37 1C 06 0A FF FF 03  qj.......7......
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   32: 4F 35 01 02 00 33 1A 03 01 00 2E 53 3D 32 30 46  O5...3.....S=20F
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   48: 46 45 45 38 39 43 31 31 41 39 37 36 44 45 43 34  FEE89C11A976DEC4
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   64: 38 46 42 46 44 34 44 44 31 33 32 46 43 31 36 33  8FBFD4DD132FC163
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   80: 36 39 33 35 31 50 12 D1 D9 D9 CB 8D C1 9A F8 EE  69351P..........
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>   96: 40 12 C5 13 F5 CD 40 18 12 01 A0 90 AE 00 A2 8A  @.....@.........
Jul 30 01:02:39 48[CFG] <ikev2-mschapv2|1>  112: DA 3E A1 21 17 0E 05 88 2C                       .>.!....,
Jul 30 01:02:39 48[IKE] <ikev2-mschapv2|1> EAP_MSCHAPV2 payload => 51 bytes @ 0x7f56180012c0
Jul 30 01:02:39 48[IKE] <ikev2-mschapv2|1>    0: 01 02 00 33 1A 03 01 00 2E 53 3D 32 30 46 46 45  ...3.....S=20FFE
Jul 30 01:02:39 48[IKE] <ikev2-mschapv2|1>   16: 45 38 39 43 31 31 41 39 37 36 44 45 43 34 38 46  E89C11A976DEC48F
Jul 30 01:02:39 48[IKE] <ikev2-mschapv2|1>   32: 42 46 44 34 44 44 31 33 32 46 43 31 36 33 36 39  BFD4DD132FC16369
Jul 30 01:02:39 48[IKE] <ikev2-mschapv2|1>   48: 33 35 31                                         351
Jul 30 01:02:39 48[ENC] <ikev2-mschapv2|1> added payload of type EAP to message
  3. EAP Success -> Success (Access-Accept) Response:
Jul 30 01:02:39 124[ENC] <ikev2-mschapv2|1> parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
Jul 30 01:02:39 124[IKE] <ikev2-mschapv2|1> EAP_MSCHAPV2 payload => 6 bytes @ 0x7f55d80012f0
Jul 30 01:02:39 124[IKE] <ikev2-mschapv2|1>    0: 02 02 00 06 1A 03                                ......
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1> sending RADIUS Access-Request to server '127.0.0.1'
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1> => 171 bytes @ 0x7f55d8000980
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>    0: 01 A8 00 AB CA 0B A5 7E 53 26 BB 1F 7B F5 BC 66  .......~S&..{..f
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   16: BD 7B 9D 87 01 12 72 34 32 6D 33 6E 63 76 2D 65  .{....r42m3ncv-e
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   32: 38 77 66 70 67 33 3D 06 00 00 00 05 06 06 00 00  8wfpg3=.........
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   48: 00 02 05 06 00 00 00 01 57 10 69 6B 65 76 32 2D  ........W.ikev2-
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   64: 6D 73 63 68 61 70 76 32 04 06 C4 34 2E 23 1E 0E  mschapv2...4.#..
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   80: 31 39 36 2E 35 32 2E 34 36 2E 33 35 1F 10 36 36  196.52.46.35..66
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   96: 2E 32 30 37 2E 32 30 38 2E 32 32 36 4F 08 02 02  .207.208.226O...
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  112: 00 06 1A 03 20 13 63 61 2D 30 30 31 5F 73 74 72  .... .ca-001_str
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  128: 6F 6E 67 73 77 61 6E 18 12 01 A0 90 AE 00 A2 8A  ongswan.........
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  144: DA 3E A1 21 17 0E 05 88 2C 50 12 AA 6E 35 90 03  .>.!....,P..n5..
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  160: 74 77 80 4A 2E BD FD A7 B2 C5 5B                 tw.J......[
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1> received RADIUS Access-Accept from server '127.0.0.1'
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1> => 182 bytes @ 0x7f55d8001750
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>    0: 02 A8 00 B6 61 C5 9A 92 51 CB DD 0B DF 37 3A 0F  ....a...Q....7:.
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   16: 83 40 AB F2 1A 0C 00 00 01 37 1C 06 0A FF FF 03  .@.......7......
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   32: 1A 0C 00 00 01 37 07 06 00 00 00 01 1A 0C 00 00  .....7..........
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   48: 01 37 08 06 00 00 00 06 1A 2A 00 00 01 37 10 24  .7.......*...7.$
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   64: E6 DC E1 89 5C 76 E8 8A BA 58 F7 7B B6 5E 62 4C  ....v...X.{.^bL
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   80: 7F EB BB C2 45 5A 6B F7 0E 01 F3 9E 0F AD 0E AE  ....EZk.........
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>   96: A3 92 1A 2A 00 00 01 37 11 24 ED F6 C9 A5 D7 3A  ...*...7.$.....:
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  112: 0D C4 4D 93 4F 99 6E 81 28 AC B1 CE 30 DA A0 AF  ..M.O.n.(...0...
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  128: 4F 28 71 60 12 E5 35 39 04 27 A6 68 4F 06 03 02  O(q`..59.'.hO...
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  144: 00 04 50 12 C3 89 53 1A 29 FD 07 DD 11 FB 65 82  ..P...S.).....e.
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  160: 73 93 0C B2 01 12 72 34 32 6D 33 6E 63 76 2D 65  s.....r42m3ncv-e
Jul 30 01:02:39 124[CFG] <ikev2-mschapv2|1>  176: 38 77 66 70 67 33                                8wfpg3

Now the EAP conversation with my POC:

  1. EAP Identity + Challenge Response
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1> sending RADIUS Access-Request to server '127.0.0.1'
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1> => 168 bytes @ 0x7fc2800019c0
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>    0: 01 56 00 A8 C3 0E 12 EC A6 1A 72 E2 3C CA 4A 78  .V........r.<.Jx
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   16: 54 E4 35 51 01 12 72 34 32 6D 33 6E 63 76 2D 65  T.5Q..r42m3ncv-e
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   32: 38 77 66 70 67 33 3D 06 00 00 00 05 06 06 00 00  8wfpg3=.........
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   48: 00 02 05 06 00 00 00 01 57 10 69 6B 65 76 32 2D  ........W.ikev2-
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   64: 6D 73 63 68 61 70 76 32 04 06 C4 34 2E 23 1E 0E  mschapv2...4.#..
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   80: 31 39 36 2E 35 32 2E 34 36 2E 33 35 1F 10 36 36  196.52.46.35..66
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   96: 2E 32 30 37 2E 32 30 38 2E 32 32 36 4F 17 02 00  .207.208.226O...
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>  112: 00 15 01 72 34 32 6D 33 6E 63 76 2D 65 38 77 66  ...r42m3ncv-e8wf
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>  128: 70 67 33 20 13 63 61 2D 30 30 31 5F 73 74 72 6F  pg3 .ca-001_stro
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>  144: 6E 67 73 77 61 6E 50 12 0F F1 22 79 D1 AD DE 25  ngswanP..."y...%
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>  160: 5B 01 3D A7 19 81 8A AC                          [.=.....
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1> received RADIUS Access-Challenge from server '127.0.0.1'
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1> => 100 bytes @ 0x7fc280000d20
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>    0: 0B 56 00 64 BF 61 D9 0F 42 95 2C 76 A4 41 C3 0F  .V.d.a..B.,v.A..
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   16: 59 9B A4 FA 4F 2C 01 01 00 2A 1A 01 01 00 25 10  Y...O,...*....%.
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   32: 15 C1 FB 92 B0 5A D7 64 1D 60 C5 46 69 00 DA E5  .....Z.d.`.Fi...
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   48: 72 34 32 6D 33 6E 63 76 2D 65 38 77 66 70 67 33  r42m3ncv-e8wfpg3
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   64: 18 12 15 C1 FB 92 B0 5A D7 64 1D 60 C5 46 69 00  .......Z.d.`.Fi.
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   80: DA E5 50 12 41 E8 6C 15 EF 59 DC CC A0 C7 7A A7  ..P.A.l..Y....z.
Jul 30 00:33:24 89[CFG] <ikev2-mschapv2|1>   96: 3A 70 2D 82                                      :p-.
Jul 30 00:33:24 89[IKE] <ikev2-mschapv2|1> EAP_MSCHAPV2 payload => 42 bytes @ 0x7fc280001650
Jul 30 00:33:24 89[IKE] <ikev2-mschapv2|1>    0: 01 01 00 2A 1A 01 01 00 25 10 15 C1 FB 92 B0 5A  ...*....%......Z
Jul 30 00:33:24 89[IKE] <ikev2-mschapv2|1>   16: D7 64 1D 60 C5 46 69 00 DA E5 72 34 32 6D 33 6E  .d.`.Fi...r42m3n
Jul 30 00:33:24 89[IKE] <ikev2-mschapv2|1>   32: 63 76 2D 65 38 77 66 70 67 33                    cv-e8wfpg3
Jul 30 00:33:24 89[IKE] <ikev2-mschapv2|1> initiating EAP_MSCHAPV2 method (id 0x01)
  2. EAP Request Packet + Success Packet (Access-Challenge) Response:
Jul 30 00:33:24 100[ENC] <ikev2-mschapv2|1> parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1> EAP_MSCHAPV2 payload => 75 bytes @ 0x7fc2940069c0
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>    0: 02 01 00 4B 1A 02 01 00 46 31 B2 2F A8 1C 2F 1A  ...K....F1./../.
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>   16: EF 66 C0 F1 A6 B7 27 BD 51 5F 00 00 00 00 00 00  .f....'.Q_......
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>   32: 00 00 64 97 7D 85 D1 6B DD 8C 82 82 A0 CB EB D7  ..d.}..k........
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>   48: D8 D0 21 1C 27 96 63 7B 3D 13 00 72 34 32 6D 33  ..!.'.c{=..r42m3
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>   64: 6E 63 76 2D 65 38 77 66 70 67 33                 ncv-e8wfpg3
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1> sending RADIUS Access-Request to server '127.0.0.1'
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1> => 240 bytes @ 0x7fc294003d60
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>    0: 01 7C 00 F0 DB AB 7C BF 31 2A CA A3 A1 33 93 7B  .|....|.1*...3.{
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   16: DB A4 B3 C5 01 12 72 34 32 6D 33 6E 63 76 2D 65  ......r42m3ncv-e
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   32: 38 77 66 70 67 33 3D 06 00 00 00 05 06 06 00 00  8wfpg3=.........
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   48: 00 02 05 06 00 00 00 01 57 10 69 6B 65 76 32 2D  ........W.ikev2-
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   64: 6D 73 63 68 61 70 76 32 04 06 C4 34 2E 23 1E 0E  mschapv2...4.#..
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   80: 31 39 36 2E 35 32 2E 34 36 2E 33 35 1F 10 36 36  196.52.46.35..66
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   96: 2E 32 30 37 2E 32 30 38 2E 32 32 36 4F 4D 02 01  .207.208.226OM..
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  112: 00 4B 1A 02 01 00 46 31 B2 2F A8 1C 2F 1A EF 66  .K....F1./../..f
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  128: C0 F1 A6 B7 27 BD 51 5F 00 00 00 00 00 00 00 00  ....'.Q_........
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  144: 64 97 7D 85 D1 6B DD 8C 82 82 A0 CB EB D7 D8 D0  d.}..k..........
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  160: 21 1C 27 96 63 7B 3D 13 00 72 34 32 6D 33 6E 63  !.'.c{=..r42m3nc
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  176: 76 2D 65 38 77 66 70 67 33 20 13 63 61 2D 30 30  v-e8wfpg3 .ca-00
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  192: 31 5F 73 74 72 6F 6E 67 73 77 61 6E 18 12 15 C1  1_strongswan....
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  208: FB 92 B0 5A D7 64 1D 60 C5 46 69 00 DA E5 50 12  ...Z.d.`.Fi...P.
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  224: DC 26 57 40 79 91 11 FC 3F 6A C0 AD 0A 66 A0 4D  .&W@y...?j...f.M
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1> received RADIUS Access-Challenge from server '127.0.0.1'
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1> => 121 bytes @ 0x7fc294006930
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>    0: 0B 7C 00 79 35 C3 A8 F7 CC BE 84 13 5D 37 B0 66  .|.y5.......]7.f
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   16: A7 78 94 4A 1A 0C 00 00 01 37 1C 06 0A FF FF 02  .x.J.....7......
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   32: 4F 35 01 01 00 33 1A 03 01 00 2E 53 3D 33 39 39  O5...3.....S=399
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   48: 45 33 42 36 43 43 43 31 46 42 44 32 37 36 41 42  E3B6CCC1FBD276AB
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   64: 34 45 39 32 33 33 31 33 32 42 34 33 46 37 39 41  4E9233132B43F79A
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   80: 31 31 39 45 37 18 12 15 C1 FB 92 B0 5A D7 64 1D  119E7.......Z.d.
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>   96: 60 C5 46 69 00 DA E5 50 12 1F C6 29 3B 96 8E C4  `.Fi...P...);...
Jul 30 00:33:24 100[CFG] <ikev2-mschapv2|1>  112: EE A4 39 67 FB 3B AE 12 8E                       ..9g.;...
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1> EAP_MSCHAPV2 payload => 51 bytes @ 0x7fc2940045e0
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>    0: 01 01 00 33 1A 03 01 00 2E 53 3D 33 39 39 45 33  ...3.....S=399E3
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>   16: 42 36 43 43 43 31 46 42 44 32 37 36 41 42 34 45  B6CCC1FBD276AB4E
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>   32: 39 32 33 33 31 33 32 42 34 33 46 37 39 41 31 31  9233132B43F79A11
Jul 30 00:33:24 100[IKE] <ikev2-mschapv2|1>   48: 39 45 37                                         9E7
Jul 30 00:33:24 100[ENC] <ikev2-mschapv2|1> added payload of type EAP to message

At this point, no further communication is seen from the client. Client side, error 691 is shown. This implies that the client was not able to validate the Access-Challenge sent by my POC, which is due either to a bad packet format or to a bad success packet value.

I have taken the peer and authenticator challenges from the successful log and run them through my code to see if I can get the same success packet output, and it does indeed generate the same value.

Looking at the format of the packet byte by byte, I cannot see any difference in either format or value, yet Windows rejects this response and terminates the EAP conversation.

If anyone has any in depth knowledge of Windows + EAP + MSCHAPv2 implementations, I would greatly appreciate the help, as at this point I have compared the data byte by byte and cannot see any differences.

Here are more references to the RFCs implemented:

Additional Notes:

I was originally suspecting that the issue could be in the RADIUS packets and not in the EAP messages, since the EAP payloads look identical in both the FreeRADIUS (working) conversation and my POC. The reason I abandoned that theory is that both client and server logs show that the error happens during the EAP authentication stage.

Could there be something in the RADIUS protocol/packets that can affect the validity or acceptance of EAP messages by the client?

Also, the error is thrown during the "Success Packet" Access-Challenge stage of the EAP conversation, but, could earlier steps fail silently and cause this error at a later stage? I haven’t found anything in any of the above RFCs that would suggest that, but I’m not ruling anything out at this point as I’ve been at it for nearly 2 weeks.

Lastly, I have tried to get more debug information out of Windows to see the exact data that Windows is using to determine the validity of the message, but all I was able to get from the "Remote Access Diagnostic Report" is this:

[3004] 07-30 11:38:21:863: EapBegin(fServer=0)
[3004] 07-30 11:38:21:863: EapBegin: EapTypeToBeUsed=26, EapAuthType=2
[3004] 07-30 11:38:21:863: EapBegin: ThisIsARenegotiation=0, SaveCredsToCredMan=0, UseWinlogonCredentials=0.
[3004] 07-30 11:38:21:864: EapBegin: Connection handle: 1835008
[3004] 07-30 11:38:21:864: EapBegin: EAP user blob is not passed so using the credentials.
[3004] 07-30 11:38:21:864: fRetry = 0.
[3004] 07-30 11:38:21:865: Eap user data size: 1021.
[3004] 07-30 11:38:21:865: EapBegin done
[3004] 07-30 11:38:21:865: EapMakeMessage,RBuf=4b78910
[3004] 07-30 11:38:21:865: MakeAuthenticateeMessage...
[3004] 07-30 11:38:21:865: EAPSTATE_Initial
[3004] 07-30 11:38:21:865: EapMethodBegin(Flags=0x10, Remaining retry count=3)
[3004] 07-30 11:38:21:866: EAPSTATE_Working
[3004] 07-30 11:38:21:866: HandleEapResponse -- Entering.
[3004] 07-30 11:38:21:866: EapHost returned Action = EapHostPeerResponseSend. Processing send packet...
[3004] 07-30 11:38:21:866: RasProcessEapHostSendPacket -- Entering.
[3004] 07-30 11:38:21:866: Got identity: r42m3ncv-e8wfpg3.
[3004] 07-30 11:38:21:866: RasProcessEapHostSendPacket: Sending packet.
[3004] 07-30 11:38:21:866: RasProcessEapHostSendPacket -- Leaving: 0x0.
[3004] 07-30 11:38:21:866: HandleEapResponse -- Leaving: 0x0.
[3004] 07-30 11:38:21:869: EapMakeMessage,RBuf=4b78910
[3004] 07-30 11:38:21:869: MakeAuthenticateeMessage...
[3004] 07-30 11:38:21:869: EAPSTATE_Working
[3004] 07-30 11:38:21:870: HandleEapResponse -- Entering.
[3004] 07-30 11:38:21:870: EapHost returned Action = EapHostPeerResponseSend. Processing send packet...
[3004] 07-30 11:38:21:870: RasProcessEapHostSendPacket -- Entering.
[3004] 07-30 11:38:21:870: RasProcessEapHostSendPacket: Sending packet.
[3004] 07-30 11:38:21:870: RasProcessEapHostSendPacket -- Leaving: 0x0.
[3004] 07-30 11:38:21:870: HandleEapResponse -- Leaving: 0x0.
[3004] 07-30 11:38:21:873: EapMakeMessage,RBuf=4b78910
[3004] 07-30 11:38:21:873: MakeAuthenticateeMessage...
[3004] 07-30 11:38:21:873: EAPSTATE_Working
[3004] 07-30 11:38:21:873: HandleEapResponse -- Entering.
[3004] 07-30 11:38:21:873: EapHost returned Action = EapHostPeerResponseResult. Retreiving result...
[3004] 07-30 11:38:21:873: RasGetEapHostAuthResult -- Entering.
[3004] 07-30 11:38:21:873: RasSetQuarantineStatus -- Entering.
[3004] 07-30 11:38:21:873: ISOLATION_STATE_UNKNOWN
[3004] 07-30 11:38:21:873: RasSetQuarantineStatus -- Leaving: 0x0.
[3004] 07-30 11:38:21:873: EAP Authentication failed with error: Internal = 0x2b3, External = 0x80420112.
[3004] 07-30 11:38:21:873: RasGetEapHostAuthResult -- Leaving: 0x0.
[3004] 07-30 11:38:21:873: HandleEapResponse -- Leaving: 0x0.
[960] 07-30 11:38:21:881: EapEnd
[960] 07-30 11:38:21:881: EapMethodEnd called for EAP Index 26

If anyone knows how to get any useful debugging data for EAP-MSCHAPV2 on Windows, that could also be very helpful. Ideally I would want to see the individual inputs to the various calculations performed by the Windows implementation, as I see no logical reason why it’s not working when the spec is being followed.


#StackBounty: #docker #nginx #reverse-proxy #nginx-reverse-proxy #x-forwarded-for How to configure nginx X-Forwarded-Port to be the ori…

Bounty: 50

I am using nginx in a standard reverse proxy scenario to pass all requests to /auth to another host; however, I’m trying to use non-standard ports.

My end goal is to have the X-Forwarded-Port header set to the port that the request comes in on.

Here is my location block in nginx.conf:

location /auth/ {
    proxy_pass       http://otherhost:8090;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port <VAR>;
}

This nginx is running in a docker container, that is configured to forward requests from 8085 into 80 in the container, such that the nginx process is listening on 80:

0.0.0.0:8085->80/tcp

When I hit the URL:

http://localhost:8085/auth/

I am correctly redirected to http://otherhost:8090, but the X-Forwarded-Port header is missing or wrong.

Where I have <VAR> in the original block, I have tried the following:

  • $server_port – This is the port nginx is listening on (80), not the request port.

  • $pass_port – Seems to be null in my setup, so nginx drops the header.

  • $http_port – This is a random port per request.

  • $remote_port – This is a random port per request.

I can change my config at deploy time to hardcode to the known port of incoming requests, but ideally I would be able to change the front port without any change to the nginx config.

I’ve scoured the nginx variable list but can’t find anything like $request_port. Is there any way for me to achieve my intent?

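An added configuration example, not from the original post, showing one way to fill X-Forwarded-Port when nginx sits behind Docker port NAT and $server_port can only ever see the container-side port: a map over $http_host, which, unlike $host, keeps the port the client put in its Host header. It assumes clients send a "Host: localhost:8085" style header, which browsers do for any non-default port; the variable name $forwarded_port is this example's own, and the 8090 upstream is the one from the post.

```nginx
# Added example (not the poster's config). http{} context: map the port the
# client named in its Host header into a variable, falling back to the port
# nginx is listening on when the Host header carries no port.
map $http_host $forwarded_port {
    default               $server_port;   # "Host: example.com" -> listener port (80 here)
    "~:(?<port>[0-9]+)$"  $port;          # "Host: localhost:8085" or "[::1]:8085" -> 8085
}

server {
    listen 80;   # Docker publishes this as 0.0.0.0:8085->80/tcp

    location /auth/ {
        proxy_pass       http://otherhost:8090;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        # Overwrites any X-Forwarded-Port the client sent, so the upstream only
        # ever sees the value this proxy derived.
        proxy_set_header X-Forwarded-Port  $forwarded_port;
    }
}
```

The caveat a practitioner should keep in mind: the value comes from the Host header, so it is client-controlled in the same way X-Forwarded-For's first hop is. That is fine for what X-Forwarded-Port is normally used for (building absolute URLs and redirects on the upstream), but nothing behind the proxy should make an authorization decision on it, and the upstream should only trust X-Forwarded-* headers from this proxy's address. Changing the published port at deploy time then needs no nginx edit, since the map picks up whatever port the browser writes into Host.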