NTLM Auth Problem

Ali Majdzadeh ali.majdzadeh at gmail.com
Tue Apr 24 14:44:56 CEST 2012


I checked that rlm_mschap converts the CHAP_CHALLENGE from radius packet
into other format that used in ntlm_auth.

Radius Packet:  MS-CHAP-Challenge = 0x7e95c31b02cd054fd1dcacea7c2fb358

Radius –X output for Ntlm_auth:   expand:
--challenge=%{%{mschap:Challenge}:-00} -> --challenge=4487f1f9d023e69b

U told that is normal, based on RFC. I checked the rlm_mschap.c and
rlm_exec.c and also src/main/util.c, It seems that they are copying
variable one by one from radius packet into ntlm_auth and I did not find
any function to do converting. May give me more information?

My problem is:

I need to call ntlm_auth from command line, not from modules/mschap. So
when I’m running via commandline with same ms-chap-challenge as radius
packet but response from LDAP is not OK.

2012/4/16 Phil Mayers <p.mayers at imperial.ac.uk>

> On 04/15/2012 09:51 PM, Ali Majdzadeh wrote:
>> Hi
>> Tnx for Ur fast reply.
>> As I explained, I know that the format is differ from the original
>> attributes. I want to know that:
>> If I want to run it from commandline, how can I convert the challenge and
>> response attributes to which they can be used in command line?
> This is documented in the MS-CHAPv2 RFC. Or read the source code in the
> server.
> There's no readily-available tool to "do this for you". You'll need to
> write a script.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120424/ac2a3c79/attachment.html>

More information about the Freeradius-Users mailing list