Authentication issues with Win7 and WPA/WPA2 Enterprise
Gary Gatten
Ggatten at waddell.com
Wed May 18 18:35:05 CEST 2011
That's what I was afraid of...
Can you expand on this:
"You *can* check that a given response is valid for a given challenge, if
you know the password or nt hash."
TIA
G
-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Wednesday, May 18, 2011 11:27 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: Authentication issues with Win7 and WPA/WPA2 Enterprise
On 18/05/11 17:10, Gary Gatten wrote:
> I would LOVE if W7 just worked! People here are blaming FR and I'm
> trying to convince them it has nothing to do with it, but since the
> MSCHAP challenges / responses are hashed I can't PROVE it to them.
>
> I have FR debugs of a working auth and a rejected auth. I'd like to
> "unhash" the MSCHAP stuff to see in clear text what's getting sent
> back and forth so I can get a better idea of why the request is being
> rejected.
That isn't really how it works. MS-CHAP is a (reasonably)
cryptographically secure protocol. You can't go backwards from:
MS-CHAP-Challenge = xxx
MS-CHAP2-Response = yyy
...to anything meaningful.
You *can* check that a given response is valid for a given challenge, if
you know the password or nt hash.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
More information about the Freeradius-Users
mailing list