<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
<font class="Apple-style-span" face="Tahoma" size="4"><span class="Apple-style-span" style="font-size: 10pt;">hey ppl</span></font><div style="font-family: Tahoma; font-size: 10pt; "><br></div><div style="font-family: Tahoma; font-size: 10pt; "><br></div><div style="font-family: Tahoma; font-size: 10pt; ">i m trying to authenticate with rlm_perl using chap with following perl script but doesn't seem to work. i m guessing chap-password should be in hex (0x) format but doesn't seem to be in. hope some one can help me out</div><div style="font-family: Tahoma; font-size: 10pt; "><br></div><div style="font-family: Tahoma; font-size: 10pt; ">Best Regards</div><div style="font-family: Tahoma; font-size: 10pt; "><br></div><div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $want_password="123";</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $given_password;</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $given_chap_challenge;</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$given_password=$RAD_REQUEST{'CHAP-Password'};</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$given_chap_challenge=$RAD_REQUEST{'CHAP-Challenge'};</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$given_password =~ s/^0x//;</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$given_chap_challenge =~ s/^0x//;</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $chap_password = pack("H*", $given_password);</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $chap_challenge = pack("H*", $given_chap_challenge);</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $md5 = new Digest::MD5;</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$md5->reset;</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$md5->add(substr($chap_password, 0, 1));</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$md5->add($want_password);</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$md5->add($chap_challenge);</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $digest = $md5->digest();</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $subby = substr($chap_password,1);</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">my $subby2 = substr($chap_password,0,1);</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">if ($digest ne substr($chap_password, 1)) {</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">#return 0; #Bad pass returning 0</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">$RAD_REPLY{'Reply-Message'} = "Denied access for invalid password";</span></font></div></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">}</span></font></div><div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">}</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">else {</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">#return 1; # Pass is OK Returning 1</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">return RLM_MODULE_OK;</span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;">}</span></font></div></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px;"><div>rlm_perl: Added pair User-Name = support-5</div><div>rlm_perl: Added pair CHAP-Password = \010\235\243\232\006h\376\024\374㢵Ê?\021_\372</div><div>rlm_perl: Added pair CHAP-Challenge = \220?\251\314\033\2067g\204z'Ú?\201X3</div><div>rlm_perl: Added pair NAS-IP-Address = 221.132.115.82</div><div>rlm_perl: Added pair NAS-Port = 1812</div><div>rlm_perl: Added pair Reply-Message = Denied access for invalid password</div><div>rlm_perl: Added pair Auth-Type = Perl</div><div>++[perl] returns reject</div><div>Failed to authenticate the user.</div><div>Login incorrect: [support-5/<CHAP-Password>] (from client localhost port 1812)</div><div>Using Post-Auth-Type Reject</div><div># Executing group from file /etc/freeradius/sites-enabled/default</div><div>+- entering group REJECT {...}</div><div>[attr_filter.access_reject] expand: %{User-Name} -> support-5</div><div> attr_filter: Matched entry DEFAULT at line 11</div><div>++[attr_filter.access_reject] returns updated</div><div>Delaying reject of request 0 for 1 seconds</div><div>Going to the next request</div><div>Waking up in 0.9 seconds.</div><div>Sending delayed reject for request 0</div><div>Sending Access-Reject of id 8 to 127.0.0.1 port 49716</div></span></font></div><div><font class="Apple-style-span" face="Tahoma" size="3"><span class="Apple-style-span" style="font-size: 13px; "><br></span></font></div> </body>
</html>