EAP-PEAP MSCHAPv2 with Python Module
Gary Gwin
garygwin at gmail.com
Thu Nov 9 21:45:27 CET 2017
> Perhaps you could explain why you think you need to see the NT hash.
I'm enlightened and don't think I need it anymore ;-)
Here's pseudocode for my Python authorize method for the inner-tunnel:
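import radiusd

def authorize(RAD_REQUEST):
    # RAD_REQUEST is a tuple of (attribute, value) pairs
    user_name = dict(RAD_REQUEST)['User-Name']
    nt_hash = get_user_nt_hash(user_name)  # lookup helper, not shown in this post
    config = (('NT-Password', nt_hash), ('Auth-Type', ':=', 'MS-CHAP'))
    result = radiusd.RLM_MODULE_OK
    return (result, (), config)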
Which is working, the user authenticates, but I see this error:
(8) Found Auth-Type = MS-CHAP
(8) Found Auth-Type = eap
(8) ERROR: Warning: Found 2 auth-types on request for user 'testing'
That doesn't seem to cause a problem, but is there something that
should be done to suppress the error?
Thanks,
Gary
On Thu, Nov 9, 2017 at 6:09 AM, Alan DeKok <aland at deployingradius.com> wrote:
> On Nov 8, 2017, at 9:55 PM, Gary Gwin <garygwin at gmail.com> wrote:
>>
>> What I'm really asking is how I can get access from the inner-tunnel
>> to the NT hash?
>
> You can't. It doesn't exist.
>
>> I don't see it passed in. Just the User-Name and EAP-Message.
>>
>> If it is encrypted in the EAP-Message payload, how do I decrypt?
>
> It's not encrypted in EAP-Message. It doesn't exist.
>
> This is really quite simple. If FreeRADIUS decodes information from a RADIUS packet or EAP-Message, it shows that information to you. If there's no information shown... there's no information to decode.
>
> Perhaps you could explain why you think you need to see the NT hash.
>
> Alan DeKok.