using external script in virtual server config

the2nd at the2nd at
Mon Jan 26 22:54:41 CET 2015

i tried it with the config below but the attribute Tmp-Octets-0 is 
always "0x". it think thats because the mschap module is disabled. but 
if i enable it i get no auth request from rlm_python. i guess thats 
because the mschap module always tries to do authentication, via 
ntlm_auth or via users file!?

or is this a configuration issue?

         authenticate {
                 Auth-Type EAP {

                 Auth-Type MS-CHAP {
                         update request {
                                Tmp-Octets-0 := "%{mschap:Challenge}"

                 Auth-Type OTPme {

i also noticed that authData includes a challange/response pair but they 
are different (longer) from what i get from mschap module when running 
otpme as ntlm_auth replacement.

the request EAP-Type is set to MS-CHAP-V2. is this an encapsulated 
mschap request?

On 2015-01-25 23:28, Alan DeKok wrote:
> On Jan 25, 2015, at 3:56 PM, the2nd <the2nd at> wrote:
>> I already have implemented mschap authentication im OTPme and use it 
>> from within the mschap module as a ntlm_auth replacement. But it would 
>> be great if i could also handle this in rlm_python.
>   OK.
>> If if i could get challenge and response from authData just like its 
>> done with username and password i could verify it and return the 
>> nt_key on success.
>   You have the challenge and response.  See the ntlm_auth line:
> =%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}”
>   Just put those strings into temporary attributes.
> 	update request {
> 			Tmp-Octets-0 := "%{mschap:Challenge}”
> 			...
> 	}
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list