Radclient.c hack for ntlm_auth testing

Dow, Corey corey.dow at hp.com
Sat Feb 24 16:40:13 CET 2007


Hi All, 

Is there any way to get radclient working with CHAP and ntlm_auth?

If I try to use it with ntlm_auth, I get an Accept even with a bad password.


redhatfc5:/etc/raddb # rt /tmp/file
Sending Access-Request of id 15 to 127.0.0.1 port 1812
        User-Name = "codo"
        CHAP-Password = 0x0f25a253a1113c6f903f31ec0d8eb7fae9
        NAS-IP-Address = 180.44.200.10
        NAS-Port-Type = Ethernet
        NAS-Port = 1
        Calling-Station-Id = "000100000001"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=15, length=61
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "103"
        HP-port-priority-regeneration-table = "0"

           Total approved auths:  1
             Total denied auths:  0
               Total lost auths:  0

redhatfc5:/etc/raddb # grep codo users
codo    Auth-Type := ntlm_auth

redhatfc5:/etc/raddb # radtest codo badpass 127.0.0.1 1 hpsecret
Sending Access-Request of id 144 to 127.0.0.1 port 1812
        User-Name = "codo"
        User-Password = "badpass"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=144, length=35

The radiusd debug output shows:
auth: type "ntlm_auth"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
radius_xlat: Running registered xlat function of module mschap for string
'User-Name'
radius_xlat:  '/usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=NETIDM
--username=codo --password='
Exec-Program: /usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=NETIDM
--username=codo --password=
  modcall[authenticate]: module "ntlm_auth" returns ok for request 0
modcall: leaving group authenticate (returns ok) for request 0
Login OK: [codo/<CHAP-Password>] (from client me port 1 cli 000100000001)
  Processing the post-auth section of radiusd.conf

I saw Alan's blog that states this isn't currently available but I was
wondering if there was a way around it. 

Thanks!
Corey
 

Corey Dow
Solution Test Center Engineer
ProCurve Networking
Hewlett-Packard Company
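
Added example, not part of the original post and not FreeRADIUS code: it splits the CHAP-Password value from the post into its RFC 2865 fields, shows that checking a CHAP response requires the cleartext password on the server side, and flags the debug entry in which ntlm_auth was run with an empty --password= value. The function names, the challenge and the password "example-pass" are constructed for illustration; the CHAP challenge for the post's request is not on the page, so the post's own response is parsed but not verified.

```python
import hashlib
import hmac
import re

# Values copied from the post above.
POST_CHAP = "0x0f25a253a1113c6f903f31ec0d8eb7fae9"
POST_DEBUG = """Exec-Program: /usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=NETIDM
--username=codo --password=
  modcall[authenticate]: module "ntlm_auth" returns ok for request 0
"""

def parse_chap_password(hex_value):
    """Split CHAP-Password (RFC 2865, 5.3) into (CHAP ident, 16-byte MD5 response)."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) != 17:
        raise ValueError("expected 1 ident octet + 16 response octets")
    return raw[0], raw[1:]

def chap_response(ident, password, challenge):
    """What the client sends: MD5(ident || cleartext password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def verify_chap(hex_value, cleartext_password, challenge):
    """Server-side check; only possible when the cleartext password is known."""
    ident, response = parse_chap_password(hex_value)
    expected = chap_response(ident, cleartext_password, challenge)
    return hmac.compare_digest(response, expected)

def empty_password_execs(debug_text):
    """Return Exec-Program commands (mail-wrapped lines rejoined) where
    --password= carries no value."""
    hits = []
    for m in re.findall(r"Exec-Program:[^\n]*(?:\n--[^\n]*)*", debug_text):
        cmd = " ".join(m.split())
        if re.search(r"--password=(?:\s|$)", cmd):
            hits.append(cmd)
    return hits

if __name__ == "__main__":
    ident, resp = parse_chap_password(POST_CHAP)
    print("CHAP ident:", ident, "response:", resp.hex())
    # Constructed challenge and password, only to exercise verify_chap().
    challenge, pw = bytes(range(16)), b"example-pass"
    attr = "0x" + bytes([7]).hex() + chap_response(7, pw, challenge).hex()
    print("right password:", verify_chap(attr, pw, challenge))
    print("wrong password:", verify_chap(attr, b"badpass", challenge))
    for cmd in empty_password_execs(POST_DEBUG):
        print("empty --password= passed to:", cmd)
```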


More information about the Freeradius-Users mailing list