Hello!

I am writing a custom script to substitute for the ntlm_auth program, which authenticates users of our subnet using freeradius and the mschap module. But I do not quite understand what the expected return value of the ntlm_auth program is. I think that my script should return the string NT_KEY: xxx, where xxx is the NT-hash of the user's password. But when I made my script return this value, only TTLS/MSCHAPV1 authentication works, but not TTLS/MSCHAPV2 and PEAP/MSCHAPV2, which both hang on the second phase. Looking into the source code of freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c (lines No. 753 vs. 691), I have found that the rlm_mschap module expects from ntlm_auth not the NT-hash itself but rather an MD4 hash of the NT-hash. It is not hard for me to change my script accordingly, but I wonder whether this is intended behavior or a bug?

Thank you in advance.

M.Kondrin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
