rlm_python learnings - PAP and MSCHAPv2

Lang, Russell Russell.Lang at team.telstra.com
Fri Jan 17 07:20:35 CET 2020


If you set the REST authorize 'body'='json' you do get the attributes, if you 'body'='post' you get none.

In what format should the REST API return NT-Password?
{'control:NT-Password': {'type': 'string', 'value': ['0x0123456789ABCDEF0123456789ABCDEF ']}}


-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+russell.lang=team.telstra.com at lists.freeradius.org> On Behalf Of Lang, Russell
Sent: Friday, 17 January 2020 16:25
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: RE: rlm_python learnings - PAP and MSCHAPv2

> Why are you trying to use PAP to process MSCHAP data?

I'm not.  PAP is used for WPA2-Personal clients, and PEAP/MSCHAPv2 for WPA2-Enterprise.
We need to authenticate both with the NT-Password.
 
> Set control:NT-Password in your rest response and use the MSCHAP module to process MSCHAP data...

rlm_rest.c won't authenticate unless User-Password is available.
Are you saying that the REST authorize can return the NT-Password in the JSON repsonse, and let FreeRADIUS handle both PAP and PEAP-MSCHAPv2 authentication?

Is there a quick way to get all attributes passed to the REST API?
The following rest config gives an empty body to the POST:
	authorize {
		uri = "http://nginx:8000/radiusRest?action=authorize"
		method = 'post'
		body = 'post'
	}




-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+russell.lang=team.telstra.com at lists.freeradius.org> On Behalf Of Arran Cudbard-Bell
Sent: Friday, 17 January 2020 15:04
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: rlm_python learnings - PAP and MSCHAPv2

[External Email] This email was sent from outside the organisation – be cautious, particularly with links and attachments.

> Allow PAP authorize and rlm_rest to work if the NT hash of the password is available.

Why are you trying to use PAP to process MSCHAP data?

Set control:NT-Password in your rest response and use the MSCHAP module to process MSCHAP data...

Arran Cudbard-Bell <a.cudbardb at freeradius.org> FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list