On 18/05/11 17:35, Gary Gatten wrote:
That's what I was afraid of...
Can you expand on this:
"You *can* check that a given response is valid for a given challenge, if
you know the password or nt hash."
At length, but I would be here all day ;o)
Basically, I've got a python script that performs the MS-CHAP crypto.
I'll see if I can stick it somewhere people can make use of it.
But FreeRADIUS does this "right". There's no need for an external script
(unless you're fiddling with the MS-CHAP module guts, which I was when I
wrote it).
If FreeRADIUS is telling you the mschap response is wrong, it's wrong.
Either:
1. The client is sending wrong data
2. The server has wrong data (password/hash)
3. Something is fiddling with the data in transit
Since we *know* your Aruba kit is doing some fiddling, it
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
