mschap confusion

Christian Salway christian.salway at naimuri.com
Thu Nov 15 15:01:41 CET 2018


I don't understand what is failing here...

When I run `radtest -t mschap christian.salway pa$$word 10.0.0.247 0 testing123`

the response is

(4)   authenticate {
(4) mschap: Client is using MS-CHAPv1 with NT-Password
(4) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
(4) mschap: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
(4) mschap:    --> --username=christian.salway
(4) mschap: mschap1: e5
(4) mschap: EXPAND --challenge=%{%{mschap:Challenge}:-00}
(4) mschap:    --> --challenge=e5305944c91f56f9
(4) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
(4) mschap:    --> --nt-response=17d86fe7e55770aa8e3f5e6545c45578844f5fd7e18888d3
(4) mschap: Program returned code (0) and output 'NT_KEY: 7EAE67D582A054C071FC841CE38DCC98'
(4) mschap: adding MS-CHAPv1 MPPE keys
(4)     [mschap] = ok
(4)   } # authenticate = ok

But when I try to connect AWS Management console up to freeradius (which worked with NPS), I get the following error

(3)   authenticate {
(3) mschap: Client is using MS-CHAPv1 with NT-Password
(3) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
(3) mschap: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
(3) mschap:    --> --username=christian.salway
(3) mschap: ERROR: MS-CHAP2-Response is required to calculate MS-CHAPv1 challenge
(3) mschap: EXPAND --challenge=%{%{mschap:Challenge}:-00}
(3) mschap:    --> --challenge=00
(3) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
(3) mschap:    --> --nt-response=f42cfed85f0dab20ae4f6be4820ee4b0579baf7e05a879e7
hex decode of 00 failed! (only got 1 bytes)
(3) mschap: ERROR: Program returned code (1) and output ''
(3) mschap: External script failed
(3) mschap: ERROR: External script says: 
(3) mschap: ERROR: MS-CHAP2-Response is incorrect
(3)     [mschap] = reject
(3)   } # authenticate = reject


And if I try it with MS-CHAPv2

(7)   authenticate {
(7) mschap: Creating challenge hash with username: christian.salway
(7) mschap: Client is using MS-CHAPv2
(7) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
(7) mschap: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
(7) mschap:    --> --username=christian.salway
(7) mschap: Creating challenge hash with username: christian.salway
(7) mschap: EXPAND --challenge=%{%{mschap:Challenge}:-00}
(7) mschap:    --> --challenge=87096cbcc288f585
(7) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
(7) mschap:    --> --nt-response=69ebf16ddad737fbaa5315235a9316fe9ccb5fcbc06c07e2
(7) mschap: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
(7) mschap: External script failed
(7) mschap: ERROR: External script says: Logon failure (0xc000006d)
(7) mschap: ERROR: MS-CHAP2-Response is incorrect
(7)     [mschap] = reject
(7)   } # authenticate = reject



What's going on?!


