using external script in virtual server config
the2nd at otpme.org
Mon Jan 26 22:54:41 CET 2015
I tried it with the config below, but the attribute Tmp-Octets-0 is
always "0x". I think that's because the mschap module is disabled. But
if I enable it, I get no auth request from rlm_python. I guess that's
because the mschap module always tries to do authentication, via
ntlm_auth or via the users file!?
Or is this a configuration issue?

    authenticate {
        Auth-Type EAP {
            eap
        }
        Auth-Type MS-CHAP {
            #mschap
            update request {
                Tmp-Octets-0 := "%{mschap:Challenge}"
            }
            otpme
        }
        Auth-Type OTPme {
            otpme
        }
    }

I also noticed that authData includes a challenge/response pair, but they
are different (longer) from what I get from the mschap module when running
otpme as an ntlm_auth replacement.
The request EAP-Type is set to MS-CHAP-V2. Is this an encapsulated
mschap request?

On 2015-01-25 23:28, Alan DeKok wrote:
> On Jan 25, 2015, at 3:56 PM, the2nd <the2nd at otpme.org> wrote:
>> I already have implemented mschap authentication in OTPme and use it
>> from within the mschap module as an ntlm_auth replacement. But it would
>> be great if I could also handle this in rlm_python.
>
> OK.
>
>> If I could get the challenge and response from authData just like it's
>> done with username and password, I could verify it and return the
>> nt_key on success.
>
> You have the challenge and response. See the ntlm_auth line:
>
> =%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
>
> Just put those strings into temporary attributes.
>
>     update request {
>         Tmp-Octets-0 := "%{mschap:Challenge}"
>         ...
>     }
>
> Alan DeKok.
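
On the size difference raised in the message above: in MS-CHAPv2 the authenticator challenge is 16 bytes and the response attribute is 50 bytes, while an ntlm_auth-style verifier takes an 8-byte challenge and a 24-byte NT-Response. The following is an added example, not code from the original post, OTPme or FreeRADIUS, that derives the short pair as specified in RFC 2759 (ChallengeHash) and RFC 2548 (MS-CHAP2-Response layout); the function names are hypothetical, the challenge and response bytes are the RFC 2759 section 9.2 test vectors, and the attribute wrapper around them is constructed.

```python
import hashlib

def parse_mschap2_response(value: bytes) -> dict:
    """Split a 50-byte MS-CHAP2-Response value (RFC 2548 layout):
    ident(1) flags(1) peer-challenge(16) reserved(8) nt-response(24)."""
    if len(value) != 50:
        raise ValueError("MS-CHAP2-Response must be 50 bytes, got %d" % len(value))
    return {
        "ident": value[0],
        "flags": value[1],
        "peer_challenge": value[2:18],
        "nt_response": value[26:50],
    }

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || user)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both MS-CHAPv2 challenges must be 16 bytes")
    # The hash covers the user name without a DOMAIN\ prefix.
    user = username.rsplit("\\", 1)[-1].encode("utf-8")
    return hashlib.sha1(peer_challenge + auth_challenge + user).digest()[:8]

def ntlm_auth_inputs(auth_challenge: bytes, mschap2_response: bytes, username: str):
    """Return (8-byte challenge, 24-byte NT-Response) for an external verifier."""
    fields = parse_mschap2_response(mschap2_response)
    challenge = challenge_hash(fields["peer_challenge"], auth_challenge, username)
    return challenge, fields["nt_response"]

# RFC 2759 section 9.2 test vectors (user name "User").
AUTH_CHALLENGE = bytes.fromhex("5b5d7c7d7b3f2f3e3c2c602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255e262a28295f2b3a337c7e")
NT_RESPONSE = bytes.fromhex("82309ecd8d708b5ea08faa3981cd83544233114a3d85d6df")
# Constructed attribute value: ident 1, flags 0, zeroed reserved field.
SAMPLE_RESPONSE = bytes([1, 0]) + PEER_CHALLENGE + bytes(8) + NT_RESPONSE

if __name__ == "__main__":
    challenge, nt_response = ntlm_auth_inputs(AUTH_CHALLENGE, SAMPLE_RESPONSE, "User")
    print("challenge   =", challenge.hex())
    print("nt-response =", nt_response.hex())
```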