Radclient.c hack for ntlm_auth testing

Dow, Corey corey.dow at hp.com
Sat Feb 24 16:40:13 CET 2007

Hi All, 

Is there any way to get radclient working with chap and ntlm_auth? 

If I try to use it with ntlm_auth, I get an Accept even with a bad password.

redhatfc5:/etc/raddb # rt /tmp/file
Sending Access-Request of id 15 to port 1812
        User-Name = "codo"
        CHAP-Password = 0x0f25a253a1113c6f903f31ec0d8eb7fae9
        NAS-IP-Address =
        NAS-Port-Type = Ethernet
        NAS-Port = 1
        Calling-Station-Id = "000100000001"
rad_recv: Access-Accept packet from host, id=15, length=61
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "103"
        HP-port-priority-regeneration-table = "0"

           Total approved auths:  1
             Total denied auths:  0
               Total lost auths:  0

redhatfc5:/etc/raddb # grep codo users
codo    Auth-Type := ntlm_auth

redhatfc5:/etc/raddb # radtest codo badpass 1 hpsecret
Sending Access-Request of id 144 to port 1812
        User-Name = "codo"
        User-Password = "badpass"
        NAS-IP-Address =
        NAS-Port = 1
rad_recv: Access-Accept packet from host, id=144, length=35

The radiusd debug output shows:
auth: type "ntlm_auth"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
radius_xlat: Running registered xlat function of module mschap for string
radius_xlat:  '/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=NETIDM
--username=codo --password='
Exec-Program: /usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=NETIDM
--username=codo --password=
  modcall[authenticate]: module "ntlm_auth" returns ok for request 0
modcall: leaving group authenticate (returns ok) for request 0
Login OK: [codo/<CHAP-Password>] (from client me port 1 cli 000100000001)
  Processing the post-auth section of radiusd.conf

I saw Alan's blog that states this isn't currently available but I was
wondering if there was a way around it. 

Thanks !

Corey Dow
Solution Test Center Engineer
ProCurve Networking
Hewlett-Packard Company

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4805 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070224/bba7ffe5/attachment.bin>

More information about the Freeradius-Users mailing list