That's what I was afraid of... Can you expand on this:
"You *can* check that a given response is valid for a given challenge, if you know the password or nt hash." TIA G -----Original Message----- From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Wednesday, May 18, 2011 11:27 AM To: freeradius-users@lists.freeradius.org Subject: Re: Authentication issues with Win7 and WPA/WPA2 Enterprise On 18/05/11 17:10, Gary Gatten wrote: > I would LOVE if W7 just worked! People here are blaming FR and I'm > trying to convince them it has nothing to do with it, but since the > MSCHAP challenges / responses are hashed I can't PROVE it to them. > > I have FR debugs of a working auth and a rejected auth. I'd like to > "unhash" the MSCHAP stuff to see in clear text what's getting sent > back and forth so I can get a better idea of why the request is being > rejected. That isn't really how it works. MS-CHAP is a (reasonably) cryptographically secure protocol. You can't go backwards from: MS-CHAP-Challenge = xxx MS-CHAP2-Response = yyy ...to anything meaningful. You *can* check that a given response is valid for a given challenge, if you know the password or nt hash. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html