Detect MSCHAPv2 inner-tunnel state
garygwin at gmail.com
Sat Sep 22 19:23:00 CEST 2018
The attached radius.log shows successful EAP-PEAP/MSCHAPv2 authentication
using a Windows 10 client and Meraki access point with FreeRADIUS 3.0.17.
An inner-tunnel Python script uses an API to get the NT hash and sets the
NT-Password within authorize. The standard authenticate MS-CHAP module then
During the chatty inner-tunnel MSCHAPv2 negotiation, the get NT hash API is
invoked twice in requests 7 and 8, which works, but with unnecessary script
and API load. I can eliminate the second invocation in step 8 by checking
the request EAP-Message for length. That feels fragile. There must be a
better way to detect state to determine we're in request 8.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 56530 bytes
Desc: not available
More information about the Freeradius-Users