MS-CHAP-V2 with no retry
Phil Mayers
p.mayers at imperial.ac.uk
Mon Apr 11 12:22:33 CEST 2011
On 10/04/11 15:41, James J J Hooper wrote:
>
> This C=<random> needs to be saved and eventually make it's way in to
> data->challenge so that the line lower down:
> memcpy(challenge->vp_strvalue, data->challenge, MSCHAPV2_CHALLENGE_LEN);
It's actually a bit more complex; the new challenge is being generated
inside rlm_mschap as part of the error, but AFACIT rlm_eap_mschapv2
needs to know it, so that it can add it to the fake request which it
then passes *back* into rlm_mschap as an MS-CHAP-Challenge attribute.
This would also get us part of the way there to password change via
mschap (Samba currently lacks the specific API call to do this, with the
values available in an MSCHAP CPW packet, but it might be possible to
compile a C helper which does it...)
More information about the Freeradius-Users
mailing list