Ms-Chap + NT-Password
Herwin Weststrate
herwin at quarantainenet.nl
Mon Dec 31 16:31:40 CET 2018
On 31-12-18 16:22, Anton Kiryushkin wrote:
> In other words, how can I make a different way to authorisation users by
> per controllers?
> I found the option virtual_server, but when I read a log I saw that client
> goes through a dedicated site with an md5-hashed password and after comes
> back to default site.
> What is this hash:
> MD5-Password := 0x6c375752517179667431416e4c4f6462714d365679413d3d
> I saved in my database other hashed via next script:
>
> #! /usr/bin/perl -w
> use strict;
> use Digest::MD5;
> use MIME::Base64;
> unless($ARGV[0]){
> print "Please supply a password to create a MD5 hash from.\n";
> exit;
> }
> my $ctx = Digest::MD5->new;
> $ctx->add($ARGV[0]);
> print encode_base64($ctx->digest,'')."\n";
That doesn't result in a MD5 hash, but in a base64-encoded MD5 hash. You
can replace the last line with:
print $ctx->hexdigest."\n";
(Or just use something like `echo -n "secret" | md5sum` in bash)
> And passwords hashed in that way are working with VPN-site.
Theoretically, FreeRADIUS will be able to use it as well, after
performing a number of operations on it. It's probably easier to check
if the VPN-thingy supports the output of hexdigest as well.
--
Herwin Weststrate
More information about the Freeradius-Users
mailing list