At 04:30 PM 11/12/2001 -0500, you wrote:
>Nathan Miller <[EMAIL PROTECTED]> wrote:
> > In that case, does it mean the values are being passed in HEX and not
> > Binary?
>
> Yes. The values are passed exactly like they appear when printed in
>debugging mode.
>
> > Looking at the data more closely, it does appear they are. But if
> > it's getting mangled because of the conversion pre-env then perhaps we can
> > just pass them as binary and let perl do the binary -> hex conversion?
>
> No, binary data would get mangled. Hex data doesn't.
>
> It means that you've got to convince perl to convert the hex to
>binary, and THEN md5 it.
>
> Alan DeKok.
OK.. here's some debugging output from my 2 current radius servers. The
first is from freeradius. This is exactly what shows up in debug and what
is passed to my external script. This is clearly not hex data. General
consensus here is it's Octal, just w/o the leading 0's.
CHAP_CHALLENGE = \321r\2443S\222\0139ZF\327\250\227\311\010\321
CHAP_PASSWORD =
\001\342\256\032\255\273c\361\261Q\217p_\377\261\250\273
Now, here's what I am getting from XT Radius. They truly are converting it
to Hex.
CHAP_PASSWORD = 01F5239785CBACC846303D7E3A1E7EACD9
CHAP_CHALLENGE = 32401BA4CE64806919A3B53E9DEED340
While in absolutely no way saying XT is great, I have tons of trouble with
it and that is why I am pushing so hard to convert production servers to
freeradius. This is the data I was expecting to be passed for the CHAP
variables.
Possible solutions:
1. A perl routine to convert octal -> hex OR octal -> binary for use in
md5 for comparing chap-password to digest.
2. Make freeradius truly send data in Hex rather than octal (I have a guy
working on this now, will submit patch when done).
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
