On 18/05/11 17:35, Gary Gatten wrote:
That's what I was afraid of...
Can you expand on this:
"You *can* check that a given response is valid for a given challenge, if you know the password or nt hash."
At length, but I would be here all day ;o) Basically, I've got a python script that performs the MS-CHAP crypto. I'll see if I can stick it somewhere people can make use of it. But FreeRADIUS does this "right". There's no need for an external script (unless you're fiddling with the MS-CHAP module guts, which I was when I wrote it). If FreeRADIUS is telling you the mschap response is wrong, it's wrong. Either: 1. The client is sending wrong data 2. The server has wrong data (password/hash) 3. Something is fiddling with the data in transit Since we *know* your Aruba kit is doing some fiddling, it