PEAP with NT-Password in FR3.0

Maja Wolniewicz mgw at umk.pl
Thu Aug 8 21:02:31 CEST 2013 

W dniu 08.08.2013 14:53, Alan DeKok pisze:
>
>    NT hashes still work for me.
>
>    Use the smbencrypt program to create NT hashes.
I use the smbencrypt program.

I've just set up two new fresh installations:
1. freeradius-2.2.0 - stable version
2. FR3.0 - git #0c14e0b
In both I've changed only the clients.conf and the users file.
In the users file I have:
test NT-Password := 0x0CB6948805F797BF2A82807973B89537
(user test with password test)
I'm using the eapol_test program for testing

eap=PEAP
phase2="auth=MSCHAPv2"
phase1="peapver=0"
identity="test"
password="test"

With FR2.2 it works fine for me.

With FR3.0 I'm getting:

(8)  - entering group authenticate {...}
(8) eap : Expiring EAP session with state 0x3a0706d13a0f1c9a
(8) eap : Finished EAP session with state 0x3a0706d13a0f1c9a
(8) eap : Previous EAP request found for state 0x3a0706d13a0f1c9a, 
released from the list
(8) eap : Peer sent MSCHAPv2 (26)
(8) eap : EAP MSCHAPv2 (26)
(8) eap : Calling eap_mschapv2 to process EAP data
(8) eap_mschapv2 : # Executing group from file 
/opt/Testy/FR3.0/etc/raddb/sites-enabled/inner-tunnel
(8) eap_mschapv2 :   group MS-CHAP {
(8) eap_mschapv2 :  - entering group MS-CHAP {...}
(8) mschap : No Cleartext-Password configured.  Cannot create LM-Password
(8) mschap : Found NT-Password
(8) mschap : Creating challenge hash with username: test
(8) mschap : Client is using MS-CHAPv2 for test, we need NT-Password
(8) mschap : FAILED: MS-CHAP2-Response is incorrect
(8)   [mschap] = reject
(8) eap : Freeing handler
(8)   [eap] = reject

Could you tell me what I'm doing wrong?

Maja

>
>    Changing the order of arguments in fr_hex2bin shouldn't make any
> difference.
>
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html


-- 
Maja Gorecka-Wolniewicz              mgw at umk.pl
Uczelniane Centrum                   Information  &  Communication
Informatyczne                        Technology Centre
Uniwersytet Mikolaja Kopernika       Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3393 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20130808/f886fe6b/attachment.bin>

More information about the Freeradius-Devel mailing list