NTLM Auth Problem

Phil Mayers p.mayers at imperial.ac.uk
Tue Apr 24 16:16:06 CEST 2012

On 24/04/12 13:44, Ali Majdzadeh wrote:
> Hi
> I checked that rlm_mschap converts the CHAP_CHALLENGE from radius packet
> into other format that used in ntlm_auth.
> Radius Packet: MS-CHAP-Challenge = 0x7e95c31b02cd054fd1dcacea7c2fb358
> Radius –X output for Ntlm_auth: expand:
> --challenge=%{%{mschap:Challenge}:-00} -> --challenge=4487f1f9d023e69b
> U told that is normal, based on RFC. I checked the rlm_mschap.c and
> rlm_exec.c and also src/main/util.c, It seems that they are copying

Did you read the RFC?

> variable one by one from radius packet into ntlm_auth and I did not find
> any function to do converting. May give me more information?


See here:


...and here:


...which is an implementation of this:


If you actually READ the RFC, you will see it contains detailed 
pseudo-code describing how this work, and even gives sample hex data 
that you can test your script with.

More information about the Freeradius-Users mailing list