Authentication issues with Win7 and WPA/WPA2 Enterprise

Phil Mayers p.mayers at imperial.ac.uk
Wed May 18 19:34:25 CEST 2011


On 18/05/11 17:35, Gary Gatten wrote:
> That's what I was afraid of...
>
> Can you expand on this:
>
> "You *can* check that a given response is valid for a given challenge, if
> you know the password or nt hash."

At length, but I would be here all day ;o)

Basically, I've got a python script that performs the MS-CHAP crypto. 
I'll see if I can stick it somewhere people can make use of it.

But FreeRADIUS does this "right". There's no need for an external script 
(unless you're fiddling with the MS-CHAP module guts, which I was when I 
wrote it).

If FreeRADIUS is telling you the mschap response is wrong, it's wrong. 
Either:

  1. The client is sending wrong data
  2. The server has wrong data (password/hash)
  3. Something is fiddling with the data in transit

Since we *know* your Aruba kit is doing some fiddling, it



More information about the Freeradius-Users mailing list