NTLM Auth Problem
Phil Mayers
p.mayers at imperial.ac.uk
Tue Apr 24 16:16:06 CEST 2012
On 24/04/12 13:44, Ali Majdzadeh wrote:
> Hi
>
> I checked that rlm_mschap converts the CHAP_CHALLENGE from radius packet
> into other format that used in ntlm_auth.
>
> Radius Packet: MS-CHAP-Challenge = 0x7e95c31b02cd054fd1dcacea7c2fb358
>
> Radius –X output for Ntlm_auth: expand:
> --challenge=%{%{mschap:Challenge}:-00} -> --challenge=4487f1f9d023e69b
>
> U told that is normal, based on RFC. I checked the rlm_mschap.c and
> rlm_exec.c and also src/main/util.c, It seems that they are copying
Did you read the RFC?
> variable one by one from radius packet into ntlm_auth and I did not find
> any function to do converting. May give me more information?
Sigh.
See here:
https://github.com/alandekok/freeradius-server/blob/master/src/modules/rlm_mschap/rlm_mschap.c#L278
...and here:
https://github.com/alandekok/freeradius-server/blob/master/src/modules/rlm_mschap/mschap.c#L70
...which is an implementation of this:
http://www.ietf.org/rfc/rfc2759.txt
If you actually READ the RFC, you will see it contains detailed
pseudo-code describing how this work, and even gives sample hex data
that you can test your script with.
More information about the Freeradius-Users
mailing list