At 04:30 PM 11/12/2001 -0500, you wrote: >Nathan Miller <[EMAIL PROTECTED]> wrote: > > In that case, does it mean the values are being passed in HEX and not > > Binary? > > Yes. The values are passed exactly like they appear when printed in >debugging mode. > > > Looking at the data more closely, it does appear they are. But if > > it's getting mangled because of the conversion pre-env then perhaps we can > > just pass them as binary and let perl do the binary -> hex conversion? > > No, binary data would get mangled. Hex data doesn't. > > It means that you've got to convince perl to convert the hex to >binary, and THEN md5 it. > > Alan DeKok.
OK.. here's some debugging output from my 2 current radius servers. The first is from freeradius. This is exactly what shows up in debug and what is passed to my external script. This is clearly not hex data. General consensus here is it's Octal, just w/o the leading 0's. CHAP_CHALLENGE = \321r\2443S\222\0139ZF\327\250\227\311\010\321 CHAP_PASSWORD = \001\342\256\032\255\273c\361\261Q\217p_\377\261\250\273 Now, here's what I am getting from XT Radius. They truly are converting it to Hex. CHAP_PASSWORD = 01F5239785CBACC846303D7E3A1E7EACD9 CHAP_CHALLENGE = 32401BA4CE64806919A3B53E9DEED340 While in absolutely no way saying XT is great, I have tons of trouble with it and that is why I am pushing so hard to convert production servers to freeradius. This is the data I was expecting to be passed for the CHAP variables. Possible solutions: 1. A perl routine to convert octal -> hex OR octal -> binary for use in md5 for comparing chap-password to digest. 2. Make freeradius truly send data in Hex rather than octal (I have a guy working on this now, will submit patch when done). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html