Authentication issues with Win7 and WPA/WPA2 Enterprise
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 18 18:27:09 CEST 2011
On 18/05/11 17:10, Gary Gatten wrote:
> I would LOVE if W7 just worked! People here are blaming FR and I'm
> trying to convince them it has nothing to do with it, but since the
> MSCHAP challenges / responses are hashed I can't PROVE it to them.
>
> I have FR debugs of a working auth and a rejected auth. I'd like to
> "unhash" the MSCHAP stuff to see in clear text what's getting sent
> back and forth so I can get a better idea of why the request is being
> rejected.
That isn't really how it works. MS-CHAP is a (reasonably)
cryptographically secure protocol. You can't go backwards from:
MS-CHAP-Challenge = xxx
MS-CHAP2-Response = yyy
...to anything meaningful.
You *can* check that a given response is valid for a given challenge, if
you know the password or nt hash.
More information about the Freeradius-Users
mailing list