Dear Martin Gadbois,
read doc/rlm_mschap carefully. All you need is update
dictionary.microsoft.
--Tuesday, December 10, 2002, 11:46:51 PM, you wrote to
[EMAIL PROTECTED]:
MG> -----BEGIN PGP SIGNED MESSAGE-----
MG> Hash: SHA1
MG> Hello all,
MG> I found that freeradius-0.8 does not encrypt the MS-CHAPv1 MPPE keys as specified
by RFC 2548 sec.
MG> 2.4.1.
MG> In fact, that code was commented out.
MG> Here is the patch:
MG> - --- freeradius-0.8/src/modules/rlm_mschap/rlm_mschap.c Wed Oct 2
10:37:08 2002
MG> +++ freeradius-0.8-modif/src/modules/rlm_mschap/rlm_mschap.c Tue Dec 10
15:40:33 2002
MG> @@ -860,6 +860,7 @@
MG> ~ /* now create MPPE attributes */
MG> ~ if (inst->use_mppe) {
MG> ~ if (chap == 1){
MG> + int len;
MG> ~ DEBUG2("rlm_mschap: adding MS-CHAPv1 MPPE
keys");
MG> ~ memset (mppe_sendkey, 0, 32);
MG> ~ if (smbPasswd.smb_passwd)
MG> @@ -875,10 +876,10 @@
MG> ~ memcpy
(mppe_sendkey+8,smbPasswd.smb_nt_passwd,16);
MG> ~ */
MG> ~ md4_calc(mppe_sendkey+8,
smbPasswd.smb_nt_passwd,16);
MG> - -/*
MG> +
MG> ~ rad_pwencode(mppe_sendkey, &len,
MG> ~ request->secret,
request->packet->vector);
MG> - -*/
MG> +
MG> ~ mppe_add_reply( &request->reply->vps,
MG> ~
"MS-CHAP-MPPE-Keys",mppe_sendkey,32);
MG> ~ }
MG> Sorry if this is a repeat.
MG> That code works well with Win2K Professional.
MG> - --
MG> ==============
MG> Martin Gadbois
MG> S/W Developper
MG> Colubris Networks Inc.
MG> PS: I do not subscribe to this list...
MG> -----BEGIN PGP SIGNATURE-----
MG> Version: GnuPG v1.0.4 (GNU/Linux)
MG> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
MG> iEYEARECAAYFAj32UroACgkQ9Y3/iTTCEDkmqACfdt7uSiZSR6Gjn0sN1rv4Lk7T
MG> pSsAn0rw55GXyAnAU8TmYK/M1k59SwrP
MG> =n1iW
MG> -----END PGP SIGNATURE-----
MG> -
MG> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
Пока вы во власти провидения, вам не удастся умереть раньше срока. (Твен)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
