ntlm_auth return value

MKondrin mkondrin at hppi.troitsk.ru
Thu Dec 22 14:50:12 CET 2011


I am writing a custom script substituting for the ntlm_auth program which 
authenticates users of our subnet using freeradius and the mschap module. 
But I do not quite understand what the expected return value of the 
ntlm_auth program is. I think that my script should return the string 
NT_KEY: xxx, where xxx is an NT-hash of the user's password. But when I made 
my script return this value, only TTLS/MSCHAPV1 authentication 
works, but not TTLS/MSCHAPV2 and PEAP/MSCHAPV2, which both hang on the 
second phase. Looking into the source code of 
freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c (lines No. 
753 vs. 691) I have found that the rlm_mschap module expects from 
ntlm_auth not the NT-hash itself but rather an MD4 hash of the NT-hash. 
It is not hard for me to change my script accordingly, but I wonder whether 
this is intended behavior or a bug?

Thank you in advance.


More information about the Freeradius-Users mailing list