Dear Alan DeKok,
there is bug in MS-CHAPv2 if do_ntlm_auth configured:
/*
* Update the NT hash hash, from the NT key.
*/
if (hex2bin(buffer + 8, nthashhash, 16) != 16) {
Buffer hash nthash, additional md4() is required to get nthashhash from
nthash.
I don't understand why nthashhash computation is moved to do_mschap,
because it's only required in MS-CHAPv2.
I have no chance to test, so I do not risk to apply patch by myself.
This bug have nothing to do with problems discussed.
--Thursday, May 27, 2004, 6:36:49 PM, you wrote to [EMAIL PROTECTED]:
AD> Dinko Korunic <[EMAIL PROTECTED]> wrote:
>> Unfortunately, I can confirm that I've been unsucessful with 4 different
>> Windows boxes using MSCHAPv2 which have been using Java RADIUS client as
>> well as XP supplicant (as well as SecureW2 supplicant). Yet, they're all
>> working fine with MD5/CHAP/MSCHAPv1/PAP.. It could be my mistake, but
>> I'm slightly running out of ideas what to do.
AD> I've tested with the latest CVS snapshot, using a copy of an
AD> MS-CHAPv2 session I've had sitting around for months, and which was
AD> taken from a non-FreeRADIUS client. It works for me.
AD> Are you sure you're running the latest CVS snapshot?
AD> Alan DeKok.
AD> -
AD> List info/subscribe/unsubscribe? See
AD> http://www.freeradius.org/list/users.html
--
~/ZARAZA
Впрочем, важнее всего - алгоритм! (Лем)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
