Ms-Chap + NT-Password

Herwin Weststrate herwin at
Mon Dec 31 16:31:40 CET 2018

On 31-12-18 16:22, Anton Kiryushkin wrote:
> In other words, how can I make a different way to authorisation users by
> per controllers?
> I found the option virtual_server, but when I read a log I saw that client
> goes through a dedicated site with an md5-hashed password and after comes
> back to default site.
> What is this hash:
>  MD5-Password := 0x6c375752517179667431416e4c4f6462714d365679413d3d
> I saved in my database other hashed via next script:
> #! /usr/bin/perl -w
> use strict;
> use Digest::MD5;
> use MIME::Base64;
> unless($ARGV[0]){
>  print "Please supply a password to create a MD5 hash from.\n";
>  exit;
> }
> my $ctx = Digest::MD5->new;
> $ctx->add($ARGV[0]);
> print encode_base64($ctx->digest,'')."\n";

That doesn't result in a MD5 hash, but in a base64-encoded MD5 hash. You
can replace the last line with:

  print $ctx->hexdigest."\n";

(Or just use something like `echo -n "secret" | md5sum` in bash)

> And passwords hashed in that way are working with VPN-site.

Theoretically, FreeRADIUS will be able to use it as well, after
performing a number of operations on it. It's probably easier to check
if the VPN-thingy supports the output of hexdigest as well.

Herwin Weststrate

More information about the Freeradius-Users mailing list