authenticate against SHA2 hash in EAP-MSCHAPv2
Hi colleagues, I'm pretty new in FreeRadius and looks missing something that will allow me to authenticate MSCHAP users agains stored SHA256 hashes. Having the following entries in the "users" file : #doka Cleartext-Password := "q1w2e3" doka SHA2-Password := "AE5A853873043C7B011C6300C464D8D4014BF833697A3C01817D83AA91A53166" I'm trying to authenticate Stronswan connections, which use EAP-MSCHAPv2. In both cases, FreeRadius notes that "pap: WARNING: Auth-Type already set. Not setting to PAP" but while it's not required with Cleartext-Password, it's required (but not called) for SHA2-Password: There are two different debugs: 1) for clear-text password it works: (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) files: users: Matched entry doka at line 68 (1) files: EXPAND Hello, %{User-Name} (1) files: --> Hello, doka (1) [files] = ok (1) [expiration] = noop (1) [logintime] = noop (1) pap: WARNING: Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xa83c0023a83d1a89 (1) eap: Finished EAP session with state 0xa83c0023a83d1a89 (1) eap: Previous EAP request found for state 0xa83c0023a83d1a89, released from the list (1) eap: Peer sent packet with method EAP MSCHAPv2 (26) (1) eap: Calling submodule eap_mschapv2 to process data (1) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) eap_mschapv2: authenticate { (1) mschap: Found Cleartext-Password, hashing to create NT-Password (1) mschap: Found Cleartext-Password, hashing to create LM-Password (1) mschap: Creating challenge hash with username: doka (1) mschap: Client is using MS-CHAPv2 (1) mschap: Adding MS-CHAPv2 MPPE keys (1) [mschap] = ok (1) } # authenticate = ok (1) MSCHAP Success 2) while as soon as I switch to SHA2-Password, it stops authenticate requests (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) files: users: Matched entry doka at line 69 (1) files: EXPAND Hello, %{User-Name} (1) files: --> Hello, doka (1) [files] = ok (1) [expiration] = noop (1) [logintime] = noop (1) pap: Normalizing SHA2-Password from hex encoding, 64 bytes -> 32 bytes (1) pap: WARNING: Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x1ba8bb871ba9a1a0 (1) eap: Finished EAP session with state 0x1ba8bb871ba9a1a0 (1) eap: Previous EAP request found for state 0x1ba8bb871ba9a1a0, released from the list (1) eap: Peer sent packet with method EAP MSCHAPv2 (26) (1) eap: Calling submodule eap_mschapv2 to process data (1) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) eap_mschapv2: authenticate { (1) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (1) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (1) mschap: Creating challenge hash with username: doka (1) mschap: Client is using MS-CHAPv2 (1) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (1) mschap: ERROR: MS-CHAP2-Response is incorrect (1) [mschap] = reject (1) } # authenticate = reject (1) eap: Sending EAP Failure (code 4) ID 1 length 4 (1) eap: Freeing handler (1) [eap] = reject (1) } # authenticate = reject (1) Failed to authenticate the user Configuration is the following: 1) sites-enabled/default : authorize { filter_username preprocess auth_log chap mschap digest suffix eap { ok = return } files -sql -ldap expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } mschap digest eap } 2) mods-enabled/eap : eap { default_eap_type = mschapv2 timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = ${max_requests} md5 { } mschapv2 { } } 3) mods-enabled/mschap (unmodified) : mschap { pool { start = ${thread[pool].start_servers} min = ${thread[pool].min_spare_servers} max = ${thread[pool].max_servers} spare = ${thread[pool].max_spare_servers} uses = 0 retry_delay = 30 lifetime = 86400 cleanup_interval = 300 idle_timeout = 600 } passchange { } } 4) mod-enabled/pap (unmodified) : pap { } I will greatly appreciate any help on working around this issue. Please. Thank you! -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison
On Feb 28, 2018, at 4:34 PM, Volodymyr Litovka <doka.ua@gmx.com> wrote:
Hi colleagues,
I'm pretty new in FreeRadius and looks missing something that will allow me to authenticate MSCHAP users agains stored SHA256 hashes.
See magic bingo card: http://deployingradius.com/documents/protocols/compatibility.html Same applies to SHA256 as it does SHA1. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Arran, - How can I make authentication protocol X work with passwords stored as Y? - You can't. it's magic, thank you. On 2/28/18 12:55 PM, Arran Cudbard-Bell wrote:
On Feb 28, 2018, at 4:34 PM, Volodymyr Litovka <doka.ua@gmx.com> wrote:
Hi colleagues,
I'm pretty new in FreeRadius and looks missing something that will allow me to authenticate MSCHAP users agains stored SHA256 hashes.
See magic bingo card: http://deployingradius.com/documents/protocols/compatibility.html
Same applies to SHA256 as it does SHA1.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison
Hello,
- How can I make authentication protocol X work with passwords stored as Y? - You can't.
it's magic, thank you.
No, it's mathematics. MSCHAP hashing destroys the cleartext password, and you can never get it back. SHA2 hashing destroys the cleartext password in a different way, you can never get it back, and it is totally unrelated to what MSCHAP produces. So, - comparisons between cleartext and MSCHAP works: apply MSCHAP to cleartext and compare results - comparisons between cleartext and SHA2 works: apply SHA2 to cleartext and compare results - comparisons between MSCHAP and SHA2 does not work: two different variants of gibberish are uncomparable Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hi again, colleagues, please correct me, if I'm wrong. When using mschapv2, user sends his password in cleartext and FreeRadius compares it to one stored in, e.g., "users": 1) if Cleartext-Password used, then just compare strings 2) if NT-Password used, then create NTLM hash from supplied password and compare hashes 3) otherwise reject request (no other allowed methods) the issue with this is the following - there are many systems with tens of users which use "users" since there is no sense to supply LDAP/etc additionally to FreeRadius (not a big scale). But if, using any way, "users" file will leak outside, then we can assume open access to system - cleartext is cleartext, while services like https://hashkiller.co.uk/ntlm-decrypter.aspx with databases of previously stolen hashes (thank to always vulnerable Windows) can be used to search for the specific hash and, thus, to get corresponding password. Why not to add 3rd, 4th and next *internal* checks against records in "users" if we know which kind of hash used there? I mean 3) if SHA2_256-Password used, then create SHA256 hash and compare hashes 4) if SHA2_512-Password used, then create SHA512 hash and compare hashes ... n) reject request as there are no other methods while all these "SHA2_xxx" methods can be aliases to SHA2 when used with EAP-GTC or other methods. So, (a) this is internal deal of Freeradius which don't break any standards and (b) will prevent password reverse engineering in case of configuration leakage. Thank you. On 2/28/18 12:55 PM, Arran Cudbard-Bell wrote:
On Feb 28, 2018, at 4:34 PM, Volodymyr Litovka <doka.ua@gmx.com> wrote:
Hi colleagues,
I'm pretty new in FreeRadius and looks missing something that will allow me to authenticate MSCHAP users agains stored SHA256 hashes.
See magic bingo card: http://deployingradius.com/documents/protocols/compatibility.html
Same applies to SHA256 as it does SHA1.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison
Hi,
please correct me, if I'm wrong.
You are wrong.
When using mschapv2, user sends his password in cleartext and FreeRadius compares it to one stored in, e.g., "users":
The user's password gets hashed on his client device into NT-Hash form (MD4), which is, as you've been explained numerous times before, incompatible with any other hashing form. It never gets sent in clear text. Due to that, none of what you write below applies. Greetings, Stefan Winter
1) if Cleartext-Password used, then just compare strings 2) if NT-Password used, then create NTLM hash from supplied password and compare hashes 3) otherwise reject request (no other allowed methods)
the issue with this is the following - there are many systems with tens of users which use "users" since there is no sense to supply LDAP/etc additionally to FreeRadius (not a big scale). But if, using any way, "users" file will leak outside, then we can assume open access to system - cleartext is cleartext, while services like https://hashkiller.co.uk/ntlm-decrypter.aspx with databases of previously stolen hashes (thank to always vulnerable Windows) can be used to search for the specific hash and, thus, to get corresponding password.
Why not to add 3rd, 4th and next *internal* checks against records in "users" if we know which kind of hash used there? I mean
3) if SHA2_256-Password used, then create SHA256 hash and compare hashes 4) if SHA2_512-Password used, then create SHA512 hash and compare hashes ... n) reject request as there are no other methods
while all these "SHA2_xxx" methods can be aliases to SHA2 when used with EAP-GTC or other methods. So, (a) this is internal deal of Freeradius which don't break any standards and (b) will prevent password reverse engineering in case of configuration leakage.
Thank you.
On 2/28/18 12:55 PM, Arran Cudbard-Bell wrote:
On Feb 28, 2018, at 4:34 PM, Volodymyr Litovka <doka.ua@gmx.com> wrote:
Hi colleagues,
I'm pretty new in FreeRadius and looks missing something that will allow me to authenticate MSCHAP users agains stored SHA256 hashes.
See magic bingo card: http://deployingradius.com/documents/protocols/compatibility.html
Same applies to SHA256 as it does SHA1.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
On Thu, Mar 1, 2018 at 3:32 PM, Volodymyr Litovka <doka.ua@gmx.com> wrote:
Hi again, colleagues,
please correct me, if I'm wrong.
When using mschapv2, user sends his password in cleartext and FreeRadius compares it to one stored in, e.g., "users":
As Stefan wrote, that is not the case with mschapv2. radius server never recieve cleartext password from clients in this case. You can get cleartext password from clients if they use pap, eap-ttls-pap, or peap-gtc. -- Fajar
Hi again, and worth to say that plain authentication using "radtest doka q1w2e3 localhost 1812 mysecret" agains SHA2-Password in "users" works perfectly: Sent Access-Request Id 237 from 0.0.0.0:37952 to 127.0.0.1:1812 length 74 User-Name = "doka" User-Password = "q1w2e3" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Message-Authenticator = 0x00 Cleartext-Password = "q1w2e3" Received Access-Accept Id 237 from 127.0.0.1:1812 to 0.0.0.0:0 length 33 Reply-Message = "Hello, doka" with the following debug (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) files: users: Matched entry doka at line 69 (0) files: EXPAND Hello, %{User-Name} (0) files: --> Hello, doka (0) [files] = ok (0) [expiration] = noop (0) [logintime] = noop (0) pap: Normalizing SHA2-Password from hex encoding, 64 bytes -> 32 bytes (0) [pap] = updated (0) } # authorize = updated (0) Found Auth-Type = pap (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Auth-Type PAP { (0) pap: Login attempt with password (0) pap: Comparing with "known-good" SHA2-Password (0) pap: User authenticated successfully (0) [pap] = ok (0) } # Auth-Type PAP = ok so there are no problems with crypto libraries and "SHA2-Password" statement itself. On 2/28/18 12:34 PM, Volodymyr Litovka wrote:
Hi colleagues,
I'm pretty new in FreeRadius and looks missing something that will allow me to authenticate MSCHAP users agains stored SHA256 hashes.
Having the following entries in the "users" file :
#doka Cleartext-Password := "q1w2e3" doka SHA2-Password := "AE5A853873043C7B011C6300C464D8D4014BF833697A3C01817D83AA91A53166"
I'm trying to authenticate Stronswan connections, which use EAP-MSCHAPv2. In both cases, FreeRadius notes that "pap: WARNING: Auth-Type already set. Not setting to PAP" but while it's not required with Cleartext-Password, it's required (but not called) for SHA2-Password:
There are two different debugs:
1) for clear-text password it works:
(1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) files: users: Matched entry doka at line 68 (1) files: EXPAND Hello, %{User-Name} (1) files: --> Hello, doka (1) [files] = ok (1) [expiration] = noop (1) [logintime] = noop (1) pap: WARNING: Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xa83c0023a83d1a89 (1) eap: Finished EAP session with state 0xa83c0023a83d1a89 (1) eap: Previous EAP request found for state 0xa83c0023a83d1a89, released from the list (1) eap: Peer sent packet with method EAP MSCHAPv2 (26) (1) eap: Calling submodule eap_mschapv2 to process data (1) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) eap_mschapv2: authenticate { (1) mschap: Found Cleartext-Password, hashing to create NT-Password (1) mschap: Found Cleartext-Password, hashing to create LM-Password (1) mschap: Creating challenge hash with username: doka (1) mschap: Client is using MS-CHAPv2 (1) mschap: Adding MS-CHAPv2 MPPE keys (1) [mschap] = ok (1) } # authenticate = ok (1) MSCHAP Success
2) while as soon as I switch to SHA2-Password, it stops authenticate requests
(1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) files: users: Matched entry doka at line 69 (1) files: EXPAND Hello, %{User-Name} (1) files: --> Hello, doka (1) [files] = ok (1) [expiration] = noop (1) [logintime] = noop (1) pap: Normalizing SHA2-Password from hex encoding, 64 bytes -> 32 bytes (1) pap: WARNING: Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x1ba8bb871ba9a1a0 (1) eap: Finished EAP session with state 0x1ba8bb871ba9a1a0 (1) eap: Previous EAP request found for state 0x1ba8bb871ba9a1a0, released from the list (1) eap: Peer sent packet with method EAP MSCHAPv2 (26) (1) eap: Calling submodule eap_mschapv2 to process data (1) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) eap_mschapv2: authenticate { (1) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (1) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (1) mschap: Creating challenge hash with username: doka (1) mschap: Client is using MS-CHAPv2 (1) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (1) mschap: ERROR: MS-CHAP2-Response is incorrect (1) [mschap] = reject (1) } # authenticate = reject (1) eap: Sending EAP Failure (code 4) ID 1 length 4 (1) eap: Freeing handler (1) [eap] = reject (1) } # authenticate = reject (1) Failed to authenticate the user
Configuration is the following:
1) sites-enabled/default : authorize { filter_username preprocess auth_log chap mschap digest suffix eap { ok = return } files -sql -ldap expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } mschap digest eap }
2) mods-enabled/eap : eap { default_eap_type = mschapv2 timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = ${max_requests} md5 { } mschapv2 { } }
3) mods-enabled/mschap (unmodified) : mschap { pool { start = ${thread[pool].start_servers} min = ${thread[pool].min_spare_servers} max = ${thread[pool].max_servers} spare = ${thread[pool].max_spare_servers} uses = 0 retry_delay = 30 lifetime = 86400 cleanup_interval = 300 idle_timeout = 600 } passchange { } }
4) mod-enabled/pap (unmodified) : pap { }
I will greatly appreciate any help on working around this issue. Please.
Thank you!
-- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison
-- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison
participants (4)
-
Arran Cudbard-Bell -
Fajar A. Nugraha -
Stefan Winter -
Volodymyr Litovka