Re: Freeradius and mschapv2
On Saturday 21 May 2005 08:11, Jonathan Delizy wrote:
> Hi everyone,
>
> I've just installed FreeRadius on my server. I need to authenticate
> clients by using MSCHAPv2. I've followed this howto:
> http://www.tldp.org/HOWTO/8021X-HOWTO/freeradius.html
> But, when I run radiusd -X, it says that it needs a certificate. I use
> MSCHAPv2 as I don't want to have to distribute certificates to clients,
> so why does FreeRADIUS ask me for a certificate and how can I solve the problem?
>

Read the whole HOWTO. You may be using MSCHAPv2, but it is in conjunction with EAP. Start with http://www.tldp.org/HOWTO/8021X-HOWTO/intro.html and read each page.

Zoltan Ori

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius and mschapv2
Hi everyone,

I've just installed FreeRadius on my server. I need to authenticate clients by using MSCHAPv2. I've followed this howto: http://www.tldp.org/HOWTO/8021X-HOWTO/freeradius.html
But, when I run radiusd -X, it says that it needs a certificate. I use MSCHAPv2 as I don't want to have to distribute certificates to clients, so why does FreeRADIUS ask me for a certificate and how can I solve the problem?

Jonathan

Here is radiusd -X output:

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 2560
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "yes"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = no
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
 tls: certificate_file = "(null)"
 tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "jodprivatekey"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
5105:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:637:Expecting: CERTIFICATE
5105:error:0200100E:system library:fopen:Bad address:bss_file.c:278:fopen('','r')
5105:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
5105:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:515:
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.
Re: FreeRADIUS and mschapv2 problems
On Fri, May 28, 2004 at 01:08:26PM -0400, Alan DeKok wrote:
> The new code passes my tests, and should pass yours, too.

Yeps, works. It looks a bit messy, though, but works for both padded and unpadded outputs for test vectors. Excellent, I'm glad that's fixed.

--
Dinko 'kreator' Korunic | http://www.srce.hr/~kreator/ | http://kre.deviantart.com
PGP:0xEA160D0B | IRC:kre | ICQ:16965294 | AIM:kreatorMoo
Re: FreeRADIUS and mschapv2 problems
Dinko Korunic <[EMAIL PROTECTED]> wrote:
> Here's the updated version - which is working well according to test
> vectors I've got from your old code. I hope I didn't break EAP-SIM
> :)

I've just committed an update to the existing SHA1 code. I realized that I had hacked md4/md5 to use "uint32_t" rather than "unsigned long", and hadn't done the same for sha1.c.

The new code passes my tests, and should pass yours, too.

Alan DeKok.
Re: FreeRADIUS and mschapv2 problems
On Fri, May 28, 2004 at 05:05:04PM +0200, Dinko Korunic wrote:
> void SHA1Final(uint8_t *out, void* ctx);
> uint32_t rol(uint32_t value, uint32_t bits);

Doh. Sorry, I've missed that you've added SHA1FinalNoLen() as the SHA1-M implementation of FIPS 186-2 Appendix 3.3 in the recent CVS sha1. Here's the updated version - which is working well according to test vectors I've got from your old code. I hope I didn't break EAP-SIM :)

--
Dinko 'kreator' Korunic | http://www.srce.hr/~kreator/ | http://kre.deviantart.com
PGP:0xEA160D0B | IRC:kre | ICQ:16965294 | AIM:kreatorMoo

/* SHA1 Secure Hash Algorithm.
 *
 * Derived from cryptoapi implementation, adapted for in-place
 * scatterlist interface. Originally based on the public domain
 * implementation written by Steve Reid.
 *
 * Copyright (c) Alan Smithee.
 * Copyright (c) Andrew McDonald <[EMAIL PROTECTED]>
 * Copyright (c) Jean-Francois Dive <[EMAIL PROTECTED]>
 *
 * Modified for FreeRADIUS (c) Dinko Korunic <[EMAIL PROTECTED]>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 * Version: $Id$
 *
 */

#include "sha1.h"
#include <string.h>      /* memset() */
#include <arpa/inet.h>   /* ntohl() */

inline uint32_t rol(uint32_t value, uint32_t bits)
{
    return (((value) << (bits)) | ((value) >> (32 - (bits))));
}

/* blk0() and blk() perform the initial expand. */
/* I got the idea of expanding during the round function from SSLeay */
#define blk0(i) block32[i]
#define blk(i) (block32[i&15] = rol(block32[(i+13)&15]^block32[(i+8)&15] \
    ^block32[(i+2)&15]^block32[i&15],1))

/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5); \
    w=rol(w,30);
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5); \
    w=rol(w,30);
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5); \
    w=rol(w,30);
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);

/* Hash a single 512-bit block. This is the core of the algorithm. */
void SHA1Transform(uint32_t *state, const uint8_t *in)
{
    uint32_t a, b, c, d, e;
    uint32_t block32[16];

    /* convert/copy data to workspace: big-endian words into 32-bit storage
     * (the cast assumes 'in' is 4-byte aligned) */
    for (a = 0; a < sizeof(block32)/sizeof(uint32_t); a++)
        block32[a] = ntohl (((const uint32_t *)in)[a]);

    /* Copy context->state[] to working vars */
    a = state[0];
    b = state[1];
    c = state[2];
    d = state[3];
    e = state[4];

    /* 4 rounds of 20 operations each. Loop unrolled. */
    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);

    /* Add the working vars back into context.state[] */
    state[0] += a;
    state[1] += b;
    state[2] += c;
    state[3] += d;
    state[4] += e;

    /* Wipe variables */
    a = b = c = d = e = 0;
    memset (block32, 0x00, sizeof block32);
}

void SHA1Init(void *ctx)
{
    SHA1_CTX *sctx = ctx;
    static const SHA1_CTX initstate = {
        0,
        { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 },
        { 0, }
    };

    *sctx
Re: FreeRADIUS and mschapv2 problems
Dinko Korunic <[EMAIL PROTECTED]> wrote:
> I've been working and coding on this all night, and I might have an answer.
> Seems that endianness isn't an issue - more probably the SHA1 code and macros,
> which confuse gcc (3.3, 2.95, etc.) on Alpha architecture.

Ah. That's why it works fine on Solaris, MIPS, and other big-endian machines. I think we'll mark this down as a compiler bug.

Alan DeKok.
Re: FreeRADIUS and mschapv2 problems
On Thu, May 27, 2004 at 05:03:26PM -0400, Alan DeKok wrote:
> You can then run it on two machines, use 'grep' to pull out the
> MSCHAP lines from the debug log, and then use 'diff' to see where they
> differ. This will let you track down where the problem occurs.

I've traced the bug down to SHA1 code which isn't clean - the long type on Alpha is 64-bit. I've rewritten sha1.c using some of the CryptoAPI code, and tested it with test vectors, as well as PEAP - and all is working now [0.9.3 for sure, probably CVS versions too].

...
 auth: type "MS-CHAP"
 modcall: entering group Auth-Type for request 0
 rlm_mschap: doing MS-CHAPv2 with NT-Password
 rlm_mschap: adding MS-CHAPv2 MPPE keys
 modcall[authenticate]: module "mschap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [aland] (from client imu port 0)
Sending Access-Accept of id 242 to 127.0.0.1:32773
 MS-CHAP2-Success = 0x3c533d46453337433833344237434339443235463133393233463835354532443335454645343145463042
 MS-MPPE-Recv-Key = 0xacd95e31614594ec0c5a1f5f83989c42
 MS-MPPE-Send-Key = 0xf52670d2b05a5321de830fa386a034b7
 MS-MPPE-Encryption-Policy = 0x0001
 MS-MPPE-Encryption-Types = 0x0006
...

I'm attaching new sha1.c and sha1.h, which should be working on both little- and big-endian machines, etc. If sha1.c is compiled with -DTEST, it will check itself with the standard three test vectors.

--
Dinko 'kreator' Korunic | http://www.srce.hr/~kreator/ | http://kre.deviantart.com
PGP:0xEA160D0B | IRC:kre | ICQ:16965294 | AIM:kreatorMoo

/* SHA1 Secure Hash Algorithm.
 *
 * Derived from cryptoapi implementation, adapted for in-place
 * scatterlist interface. Originally based on the public domain
 * implementation written by Steve Reid.
 *
 * Copyright (c) Alan Smithee.
 * Copyright (c) Andrew McDonald <[EMAIL PROTECTED]>
 * Copyright (c) Jean-Francois Dive <[EMAIL PROTECTED]>
 *
 * Modified for FreeRADIUS (c) Dinko Korunic <[EMAIL PROTECTED]>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 * Version: $Id$
 */

#include "sha1.h"
#include <string.h>      /* memset() */
#include <arpa/inet.h>   /* ntohl() */

inline uint32_t rol(uint32_t value, uint32_t bits)
{
    return (((value) << (bits)) | ((value) >> (32 - (bits))));
}

/* blk0() and blk() perform the initial expand. */
/* I got the idea of expanding during the round function from SSLeay */
#define blk0(i) block32[i]
#define blk(i) (block32[i&15] = rol(block32[(i+13)&15]^block32[(i+8)&15] \
    ^block32[(i+2)&15]^block32[i&15],1))

/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5); \
    w=rol(w,30);
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5); \
    w=rol(w,30);
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5); \
    w=rol(w,30);
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);

/* Hash a single 512-bit block. This is the core of the algorithm. */
void SHA1Transform(uint32_t *state, const uint8_t *in)
{
    uint32_t a, b, c, d, e;
    uint32_t block32[16];

    /* convert/copy data to workspace: big-endian words into 32-bit storage
     * (the cast assumes 'in' is 4-byte aligned) */
    for (a = 0; a < sizeof(block32)/sizeof(uint32_t); a++)
        block32[a] = ntohl (((const uint32_t *)in)[a]);

    /* Copy context->state[] to working vars */
    a = state[0];
    b = state[1];
    c = state[2];
    d = state[3];
    e = state[4];

    /* 4 rounds of 20 operations each. Loop unrolled. */
    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e
Re: FreeRADIUS and mschapv2 problems
On Thu, May 27, 2004 at 09:36:18PM -0500, Michael Griego wrote:
> Try the attached patch to the sha1.c file and see if that takes care of
> the problem.

I've been working and coding on this all night, and I might have an answer. Seems that endianness isn't an issue - more probably the SHA1 code and macros, which confuse gcc (3.3, 2.95, etc.) on Alpha architecture. I'll give some arguments: I've tried adding SHA-1 NIST values into the original sha1.c and testing if they're calculated properly - and they are *not*.

Test values from the Alpha server (first is the calculated row, then the correct row from the documented test values):

testgate:~/work/radius-patched-debug/src/lib# ./a.out
8aabe313 9782e9b6 6a63ed9e b080d335 a6bed204
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D <= correct
4493b602 0d8a65f9 0b8a9b27 5c4eebbb e735319c
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 <= correct
ba0bb08d 919b3366 a1298140 268c5761 2ca67f3a
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F <= correct

Test values from the PC-based server (exact same code):

esa1:/tmp/lib [6]$ ./a.out % 11:56
a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D <= correct
84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 <= correct
34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F <= correct

However, there is an interesting thing - this implementation also fails (http://www.di-mgt.com.au/src/sha1.c.txt), and this one (http://www.deadhat.com/wlancrypto/sha1.c) passes the first test, but fails miserably on the second:

wrong->   48 66 d3 18 39 bd 08 ab 17 d8 d3 61 d3 c0 76 20 07 32 65 20
correct-> 84 98 3e 44 1c 3b d2 6e ba ae 4a a1 f9 51 29 e5 e5 46 70 f1

However, *this* one (http://www.cr0.net:8040/code/crypto/sha1/sha1.c) works like a charm (again, I've added some trivial debug output):

1 a9993e364706816aba3e25717850c26c9cd0d89d -> correct
2 84983e441c3bd26ebaae4aa1f95129e5e54670f1 -> correct
3 34aa973cd4c4daa4f61eeb2bdbad27316534016f -> correct

I'll try rewriting the original SHA1 FreeRADIUS code to see if it helps.

--
Dinko 'kreator' Korunic | http://www.srce.hr/~kreator/ | http://kre.deviantart.com
PGP:0xEA160D0B | IRC:kre | ICQ:16965294 | AIM:kreatorMoo
Re: FreeRADIUS and mschapv2 problems
Whoops. I think that last patch had the endian conditions backwards... Try this one.

--Mike

On Thu, 2004-05-27 at 21:36, Michael Griego wrote:
> Try the attached patch to the sha1.c file and see if that takes care of
> the problem.
>
> --Mike

--- sha1.c.save 2004-05-27 21:26:12.0 -0500
+++ sha1.c 2004-05-27 21:41:50.0 -0500
@@ -9,6 +9,7 @@
 #include "autoconf.h"
 #include
+#include
 #ifdef HAVE_SYS_TYPES_H
 #include
@@ -24,14 +25,19 @@
 #include "sha1.h"
-#define blk0(i) (block->l[i] = htonl(block->l[i]))
 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits
 /* blk0() and blk() perform the initial expand. */
 /* I got the idea of expanding during the round function from SSLeay */
-#define blk0(i) (block->l[i] = htonl(block->l[i]))
+# if __BYTE_ORDER == __BIG_ENDIAN
+# define blk0(i) block->l[i]
+# else /* __BYTE_ORDER == __LITTLE_ENDIAN */
+# define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+ |(rol(block->l[i],8)&0x00FF00FF))
+# endif
+
 #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
 ^block->l[(i+2)&15]^block->l[i&15],1))
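Review bot: the name of the header added in the first hunk was lost in the archive; if it is the header that defines __BYTE_ORDER and __BIG_ENDIAN, note that those macros are a glibc convention and not available on every platform FreeRADIUS builds on, so the byte-order test in the next hunk needs a configure-time fallback rather than a bare include.

Review bot: in the second hunk, the hand-rolled swap selected by __BYTE_ORDER computes exactly what the removed `htonl(block->l[i])` already did for 32-bit words (identity on big-endian hosts, byte swap on little-endian ones), so the patch does not change blk0()'s result on either byte order; the Alpha failure that the rest of the thread traces to a 64-bit `long` being used for 32-bit words is left untouched by it. If the `#if` is kept, close it with a `#else` / `#error` branch: when neither __BYTE_ORDER nor __BIG_ENDIAN is defined, the preprocessor treats both as 0, the comparison is true, and a little-endian host silently takes the big-endian (no-swap) branch.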
Re: FreeRADIUS and mschapv2 problems
Try the attached patch to the sha1.c file and see if that takes care of the problem.

--Mike

On Thu, 2004-05-27 at 20:31, Dinko Korunic wrote:
> On Fri, May 28, 2004 at 02:34:48AM +0200, Dinko Korunic wrote:
> > As we can see, initial challenge calculation has gone wrong somewhere.. which
> > is happening in challenge_hash(), function which is strictly using OpenSSL SHA1
> > functions. Doh. I thought at least OpenSSL should be endian-clean..
>
> To prove my wording, here is some more of debug info. Already first SHA1 hash
> is different. However, I'm not sure if challenge-grabbing (20 octets) from end
> SHA1-hash is wrong, or SHA1 is wrong.. Could anyone help?
>
> Unsuccessful:
> CHAPDBG, challenge_hash: username aland
> CHAPDBG, challenge_hash: peer_challenge 202122232425262728292A2B2C2D2E2F
> CHAPDBG, challenge_hash: auth_challenge 303132333435363738393A3B3C3D3E3F
> CHAPDBG, challenge_hash: sha1-1 41D03A478398AF4E7B18306592E77B8C8F99E76B
> CHAPDBG, challenge_hash: sha1-2 88E8358965B10060C8BEEC85FA03A49E75CC0AAD
> CHAPDBG, challenge_hash: sha1-3 E234830DFF297968936E5BA5A6022D31B32B2AE2
> CHAPDBG, challenge_hash: end hash 389A5773F16E40A37FFB45A5DAEC13829A709102
> CHAPDBG: challenge 389A5773F16E40A3
> CHAPDBG: calculated 0CCC41AB13690C2C83BA7D143C12D758D34762A2194D663F
> CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>
> Successful:
> CHAPDBG, challenge_hash: username aland
> CHAPDBG, challenge_hash: peer_challenge 202122232425262728292A2B2C2D2E2F
> CHAPDBG, challenge_hash: auth_challenge 303132333435363738393A3B3C3D3E3F
> CHAPDBG, challenge_hash: sha1-1 5C3F75DDA77EB61EF6D04B5045BDF661F4FA608C
> CHAPDBG, challenge_hash: sha1-2 9502711A5B6468A0400D095480515D9610F327AC
> CHAPDBG, challenge_hash: sha1-3 CC8E988B421E3260801E39F23C3CAA402C02F2B8
> CHAPDBG, challenge_hash: end hash CC8E988B421E3260801E39F23C3CAA402C02F2B8
> CHAPDBG: challenge CC8E988B421E3260
> CHAPDBG: calculated 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> rlm_mschap: adding MS-CHAPv2 MPPE keys

--- sha1.c.save 2004-05-27 21:26:12.0 -0500
+++ sha1.c 2004-05-27 21:34:01.0 -0500
@@ -9,6 +9,7 @@
 #include "autoconf.h"
 #include
+#include
 #ifdef HAVE_SYS_TYPES_H
 #include
@@ -24,14 +25,19 @@
 #include "sha1.h"
-#define blk0(i) (block->l[i] = htonl(block->l[i]))
 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits
 /* blk0() and blk() perform the initial expand. */
 /* I got the idea of expanding during the round function from SSLeay */
-#define blk0(i) (block->l[i] = htonl(block->l[i]))
+# if __BYTE_ORDER == __BIG_ENDIAN
+# define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+ |(rol(block->l[i],8)&0x00FF00FF))
+# else /* __BYTE_ORDER == __LITTLE_ENDIAN */
+# define blk0(i) block->l[i]
+# endif
+
 #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
 ^block->l[(i+2)&15]^block->l[i&15],1))
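Review bot: the byte-order branches in the second hunk are reversed: the __BIG_ENDIAN branch applies the byte swap and the little-endian branch uses the word as stored, which would break SHA-1 on the hosts the removed `htonl()` line handled correctly (the follow-up patch in this thread swaps them back). Independently of the direction, the `rol()`-based swap is only correct when `block->l[i]` is a 32-bit type: with a 64-bit `long`, `(value) >> (32 - (bits))` keeps bits above bit 31 and the 0xFF00FF00 / 0x00FF00FF masks do not cover them, which is the word-size problem the later messages identify on Alpha.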
Re: FreeRADIUS and mschapv2 problems
Looks like this might be an updated version of this file that handles endian issues:

http://gtk-gnutella.sourceforge.net/tools/sha1/sha1.c

--Mike

On Thu, 2004-05-27 at 20:58, Michael Griego wrote:
> The SHA1 functions are implemented in src/lib/sha1.c
>
> --Mike
>
> On Thu, 2004-05-27 at 20:31, Dinko Korunic wrote:
> > On Fri, May 28, 2004 at 02:34:48AM +0200, Dinko Korunic wrote:
> > > As we can see, initial challenge calculation has gone wrong somewhere.. which
> > > is happening in challenge_hash(), function which is strictly using OpenSSL SHA1
> > > functions. Doh. I thought at least OpenSSL should be endian-clean..
> >
> > To prove my wording, here is some more of debug info. Already first SHA1 hash
> > is different. However, I'm not sure if challenge-grabbing (20 octets) from end
> > SHA1-hash is wrong, or SHA1 is wrong.. Could anyone help?
> >
> > Unsuccessful:
> > CHAPDBG, challenge_hash: username aland
> > CHAPDBG, challenge_hash: peer_challenge 202122232425262728292A2B2C2D2E2F
> > CHAPDBG, challenge_hash: auth_challenge 303132333435363738393A3B3C3D3E3F
> > CHAPDBG, challenge_hash: sha1-1 41D03A478398AF4E7B18306592E77B8C8F99E76B
> > CHAPDBG, challenge_hash: sha1-2 88E8358965B10060C8BEEC85FA03A49E75CC0AAD
> > CHAPDBG, challenge_hash: sha1-3 E234830DFF297968936E5BA5A6022D31B32B2AE2
> > CHAPDBG, challenge_hash: end hash 389A5773F16E40A37FFB45A5DAEC13829A709102
> > CHAPDBG: challenge 389A5773F16E40A3
> > CHAPDBG: calculated 0CCC41AB13690C2C83BA7D143C12D758D34762A2194D663F
> > CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> >
> > Successful:
> > CHAPDBG, challenge_hash: username aland
> > CHAPDBG, challenge_hash: peer_challenge 202122232425262728292A2B2C2D2E2F
> > CHAPDBG, challenge_hash: auth_challenge 303132333435363738393A3B3C3D3E3F
> > CHAPDBG, challenge_hash: sha1-1 5C3F75DDA77EB61EF6D04B5045BDF661F4FA608C
> > CHAPDBG, challenge_hash: sha1-2 9502711A5B6468A0400D095480515D9610F327AC
> > CHAPDBG, challenge_hash: sha1-3 CC8E988B421E3260801E39F23C3CAA402C02F2B8
> > CHAPDBG, challenge_hash: end hash CC8E988B421E3260801E39F23C3CAA402C02F2B8
> > CHAPDBG: challenge CC8E988B421E3260
> > CHAPDBG: calculated 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> > CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> > rlm_mschap: adding MS-CHAPv2 MPPE keys
Re: FreeRADIUS and mschapv2 problems
The SHA1 functions are implemented in src/lib/sha1.c

--Mike

On Thu, 2004-05-27 at 20:31, Dinko Korunic wrote:
> On Fri, May 28, 2004 at 02:34:48AM +0200, Dinko Korunic wrote:
> > As we can see, initial challenge calculation has gone wrong somewhere.. which
> > is happening in challenge_hash(), function which is strictly using OpenSSL SHA1
> > functions. Doh. I thought at least OpenSSL should be endian-clean..
>
> To prove my wording, here is some more of debug info. Already first SHA1 hash
> is different. However, I'm not sure if challenge-grabbing (20 octets) from end
> SHA1-hash is wrong, or SHA1 is wrong.. Could anyone help?
>
> Unsuccessful:
> CHAPDBG, challenge_hash: username aland
> CHAPDBG, challenge_hash: peer_challenge 202122232425262728292A2B2C2D2E2F
> CHAPDBG, challenge_hash: auth_challenge 303132333435363738393A3B3C3D3E3F
> CHAPDBG, challenge_hash: sha1-1 41D03A478398AF4E7B18306592E77B8C8F99E76B
> CHAPDBG, challenge_hash: sha1-2 88E8358965B10060C8BEEC85FA03A49E75CC0AAD
> CHAPDBG, challenge_hash: sha1-3 E234830DFF297968936E5BA5A6022D31B32B2AE2
> CHAPDBG, challenge_hash: end hash 389A5773F16E40A37FFB45A5DAEC13829A709102
> CHAPDBG: challenge 389A5773F16E40A3
> CHAPDBG: calculated 0CCC41AB13690C2C83BA7D143C12D758D34762A2194D663F
> CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>
> Successful:
> CHAPDBG, challenge_hash: username aland
> CHAPDBG, challenge_hash: peer_challenge 202122232425262728292A2B2C2D2E2F
> CHAPDBG, challenge_hash: auth_challenge 303132333435363738393A3B3C3D3E3F
> CHAPDBG, challenge_hash: sha1-1 5C3F75DDA77EB61EF6D04B5045BDF661F4FA608C
> CHAPDBG, challenge_hash: sha1-2 9502711A5B6468A0400D095480515D9610F327AC
> CHAPDBG, challenge_hash: sha1-3 CC8E988B421E3260801E39F23C3CAA402C02F2B8
> CHAPDBG, challenge_hash: end hash CC8E988B421E3260801E39F23C3CAA402C02F2B8
> CHAPDBG: challenge CC8E988B421E3260
> CHAPDBG: calculated 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
> rlm_mschap: adding MS-CHAPv2 MPPE keys
Re: FreeRADIUS and mschapv2 problems
On Fri, May 28, 2004 at 02:34:48AM +0200, Dinko Korunic wrote:
> As we can see, initial challenge calculation has gone wrong somewhere.. which
> is happening in challenge_hash(), function which is strictly using OpenSSL SHA1
> functions. Doh. I thought at least OpenSSL should be endian-clean..

To prove my wording, here is some more of the debug info. Already the first SHA1 hash is different. However, I'm not sure if challenge-grabbing (20 octets) from the end SHA1-hash is wrong, or SHA1 is wrong.. Could anyone help?

Unsuccessful:
CHAPDBG, challenge_hash: username aland
CHAPDBG, challenge_hash: peer_challenge 202122232425262728292A2B2C2D2E2F
CHAPDBG, challenge_hash: auth_challenge 303132333435363738393A3B3C3D3E3F
CHAPDBG, challenge_hash: sha1-1 41D03A478398AF4E7B18306592E77B8C8F99E76B
CHAPDBG, challenge_hash: sha1-2 88E8358965B10060C8BEEC85FA03A49E75CC0AAD
CHAPDBG, challenge_hash: sha1-3 E234830DFF297968936E5BA5A6022D31B32B2AE2
CHAPDBG, challenge_hash: end hash 389A5773F16E40A37FFB45A5DAEC13829A709102
CHAPDBG: challenge 389A5773F16E40A3
CHAPDBG: calculated 0CCC41AB13690C2C83BA7D143C12D758D34762A2194D663F
CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Successful:
CHAPDBG, challenge_hash: username aland
CHAPDBG, challenge_hash: peer_challenge 202122232425262728292A2B2C2D2E2F
CHAPDBG, challenge_hash: auth_challenge 303132333435363738393A3B3C3D3E3F
CHAPDBG, challenge_hash: sha1-1 5C3F75DDA77EB61EF6D04B5045BDF661F4FA608C
CHAPDBG, challenge_hash: sha1-2 9502711A5B6468A0400D095480515D9610F327AC
CHAPDBG, challenge_hash: sha1-3 CC8E988B421E3260801E39F23C3CAA402C02F2B8
CHAPDBG, challenge_hash: end hash CC8E988B421E3260801E39F23C3CAA402C02F2B8
CHAPDBG: challenge CC8E988B421E3260
CHAPDBG: calculated 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
rlm_mschap: adding MS-CHAPv2 MPPE keys

--
Dinko 'kreator' Korunic | http://www.srce.hr/~kreator/ | http://kre.deviantart.com
PGP:0xEA160D0B | IRC:kre | ICQ:16965294 | AIM:kreatorMoo
Re: FreeRADIUS and mschapv2 problems
On Thu, May 27, 2004 at 05:03:26PM -0400, Alan DeKok wrote:
> Dinko Korunic <[EMAIL PROTECTED]> wrote:
> You can then run it on two machines, use 'grep' to pull out the
> MSCHAP lines from the debug log, and then use 'diff' to see where
> they differ. This will let you track down where the problem occurs.

More or less I've done what you've told me to. I've hacked around rlm_mschap (code is at the end of the mail) to verbosely print hex values of the important values, and used the FreeRADIUS radclient for sending a proven correct attribute set (sorry, I've used mine, which succeeded in authorisation, just to be sure)..

Attributes:
User-Name=aland
MS-CHAP-Challenge=0x303132333435363738393A3B3C3D3E3F
MS-CHAP2-Response=0x3C00202122232425262728292A2B2C2D2E2F6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF

Unsuccessful log:
CHAPDBG: challenge length 16
rlm_mschap: doing MS-CHAPv2 with NT-Password
CHAPDBG: peer challenge 202122232425262728292A2B2C2D2E2F
CHAPDBG: auth challenge 303132333435363738393A3B3C3D3E3F
CHAPDBG: username aland
CHAPDBG: nt password B8CB804B59CAB90FA682D579C7FD9009
CHAPDBG: challenge 6C7C02695D6C6D7F
CHAPDBG: calculated 445D54B8A44023A305D59E18DCD6F78CCAA9E79046FB7601
CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Successful log:
CHAPDBG: challenge length 16
rlm_mschap: doing MS-CHAPv2 with NT-Password
CHAPDBG: peer challenge 202122232425262728292A2B2C2D2E2F
CHAPDBG: auth challenge 303132333435363738393A3B3C3D3E3F
CHAPDBG: username aland
CHAPDBG: nt password B8CB804B59CAB90FA682D579C7FD9009
CHAPDBG: challenge CC8E988B421E3260
CHAPDBG: calculated 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF
CHAPDBG: response 6649E30199C56F7B1413EBA10A19D963D03165C1AEA0EBBF

As we can see, the initial challenge calculation has gone wrong somewhere.. which is happening in challenge_hash(), a function which is strictly using OpenSSL SHA1 functions. Doh. I thought at least OpenSSL should be endian-clean..
=== patch follows ===

--- rlm_mschap.c-orig 2004-05-28 02:23:53.0 +0200
+++ rlm_mschap.c 2004-05-28 02:26:42.0 +0200
@@ -94,6 +94,17 @@
 }
 }
+char * bin2hex2 (const unsigned char *szBin, int len)
+{
+ int i;
+ static char szHex2[1024];
+ for (i = 0; i < len; i++) {
+ szHex2[i<<1] = letters[szBin[i] >> 4];
+ szHex2[(i<<1) + 1] = letters[szBin[i] & 0x0F];
+ }
+ szHex2[(i<<1)] = 0;
+ return szHex2;
+}
 /* Allowable account control bits */
 #define ACB_DISABLED 0x0001 /* 1 = User account disabled */
@@ -233,11 +244,20 @@
 char *response)
 {
 char challenge[8];
-
+
+ DEBUG2("CHAPDBG: peer challenge %s", bin2hex2(peer_challenge, 16));
+ DEBUG2("CHAPDBG: auth challenge %s", bin2hex2(auth_challenge, 16));
+ DEBUG2("CHAPDBG: username %s", user_name);
+ DEBUG2("CHAPDBG: nt password %s", bin2hex2(nt_password, 16));
+
 challenge_hash(peer_challenge, auth_challenge, user_name, challenge);
+ DEBUG2("CHAPDBG: challenge %s", bin2hex2(challenge, 8));
+
 lrad_mschap(nt_password, challenge, response);
+
+ DEBUG2("CHAPDBG: calculated %s", bin2hex2(response, 24));
 }
 /*
@@ -819,6 +839,7 @@
 /*
 * MS-CHAPv2 challenges are 16 octets.
 */
+ DEBUG2("CHAPDBG: challenge length %d", challenge->length);
 if (challenge->length < 16) {
 radlog(L_AUTH, "rlm_mschap: MS-CHAP-Challenge has the wrong format.");
 return RLM_MODULE_INVALID;
@@ -853,6 +874,7 @@
 mschap2(response->strvalue + 2, challenge->strvalue,
 request->username->strvalue, nt_password->strvalue,
 calculated);
+ DEBUG2("CHAPDBG: response %s", bin2hex2(response->strvalue + 26, 24));
 if (memcmp(response->strvalue + 26, calculated, 24) != 0) {
 DEBUG2(" rlm_mschap: FAILED: MS-CHAP2-Response is incorrect");
 add_reply(&request->reply->vps, *response->strvalue,

--
Dinko 'kreator' Korunic | http://www.srce.hr/~kreator/ | http://kre.deviantart.com
PGP:0xEA160D0B | IRC:kre | ICQ:16965294 | AIM:kreatorMoo
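Review bot: bin2hex2() in the first hunk (@@ -94) writes 2*len+1 bytes into a fixed 1024-byte static buffer without bounding `len`, so any call with more than 511 bytes overflows it; a guard such as `if (len > 511) len = 511;` or passing the output buffer in from the caller would close that. The static return buffer also means two bin2hex2() calls in the same expression would overwrite each other, and the hunk relies on a `letters[]` table that is not part of the diff, so it only compiles if rlm_mschap.c already defines one.

Review bot: the second hunk (@@ -233) logs the NT password hash with `DEBUG2("CHAPDBG: nt password %s", bin2hex2(nt_password, 16));`; for MS-CHAPv2 that hash is a password-equivalent credential, so this line should not outlive the local diagnostic run and the debug output it was captured in should be handled as secret. The peer challenge, authenticator challenge and the derived 8-byte challenge printed by the same hunk are enough to localize the fault, as the rest of the thread shows.

Review bot: the last hunk (@@ -853) reads 24 bytes at `response->strvalue + 26` for the new DEBUG2, just as the existing memcmp does; the length check visible in the previous hunk only covers `challenge->length`, so it is worth confirming that the MS-CHAP2-Response attribute's length (50 octets: ident, flags, 16-byte peer challenge, 8 reserved, 24-byte NT-Response) is validated before this point, otherwise both the debug print and the comparison read past a short attribute.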
Re: FreeRADIUS and mschapv2 problems
Dinko Korunic <[EMAIL PROTECTED]> wrote:
> I have, in fact. You're not going to like the answer - it seems that
> current rlm_mschap isn't endian-clean.

That's at least an explanation as to why it doesn't work. Now that we know that, it's possible to track down the problem.

You can use the test attributes I posted earlier, and hack rlm_mschap so that it prints out a bunch of numbers it's calculated. e.g.

MSCHAP: Step 1 879
MSCHAP: Step 2 58721674267
...

You can then run it on two machines, use 'grep' to pull out the MSCHAP lines from the debug log, and then use 'diff' to see where they differ. This will let you track down where the problem occurs.

Alan DeKok.
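The computation Alan suggests instrumenting, written out as an added example (this is not code from the thread or from FreeRADIUS): ChallengeHash() and ChallengeResponse() from RFC 2759 sections 8.2 and 8.5, which are the challenge_hash() and lrad_mschap() steps whose CHAPDBG values are compared above, plus the offsets 2 and 26 at which rlm_mschap reads the peer challenge and NT-Response out of the MS-CHAP2-Response attribute (RFC 2548 section 2.3.2). It uses only the Go standard library (crypto/sha1, crypto/des) and checks itself against the test vectors of RFC 2759 section 9.2 rather than the thread's own values; NtPasswordHash() (MD4 of the UTF-16LE password) is not in the standard library and is taken as a given input. Function names are mine.

```go
package main

import (
	"crypto/des"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// challengeHash is ChallengeHash() from RFC 2759 section 8.2 (rlm_mschap's
// challenge_hash()): the first 8 octets of
// SHA1(PeerChallenge || AuthenticatorChallenge || UserName).
// UserName is the bare user name, without any DOMAIN\ prefix.
func challengeHash(peerChallenge, authChallenge [16]byte, userName string) [8]byte {
	h := sha1.New()
	h.Write(peerChallenge[:])
	h.Write(authChallenge[:])
	h.Write([]byte(userName))
	var challenge [8]byte
	copy(challenge[:], h.Sum(nil)[:8])
	return challenge
}

// desKey8 spreads 7 key octets over the 8-octet DES key layout. The low bit
// of each octet is a parity bit that the DES key schedule discards, so it is
// left zero here.
func desKey8(k7 []byte) []byte {
	return []byte{
		k7[0] & 0xfe,
		(k7[0]<<7 | k7[1]>>1) & 0xfe,
		(k7[1]<<6 | k7[2]>>2) & 0xfe,
		(k7[2]<<5 | k7[3]>>3) & 0xfe,
		(k7[3]<<4 | k7[4]>>4) & 0xfe,
		(k7[4]<<3 | k7[5]>>5) & 0xfe,
		(k7[5]<<2 | k7[6]>>6) & 0xfe,
		(k7[6] << 1) & 0xfe,
	}
}

// challengeResponse is ChallengeResponse() from RFC 2759 section 8.5
// (lrad_mschap()): the 16-octet NT hash is zero-padded to 21 octets and split
// into three 7-octet DES keys; each encrypts the 8-octet challenge, and the
// three ciphertexts concatenated form the 24-octet NT-Response.
func challengeResponse(challenge [8]byte, ntHash [16]byte) [24]byte {
	var padded [21]byte
	copy(padded[:], ntHash[:])
	var response [24]byte
	for i := 0; i < 3; i++ {
		block, err := des.NewCipher(desKey8(padded[7*i : 7*i+7]))
		if err != nil {
			panic(err) // des.NewCipher only fails on a wrong key length
		}
		block.Encrypt(response[8*i:8*i+8], challenge[:])
	}
	return response
}

// buildMSCHAP2Response lays out an MS-CHAP2-Response value (RFC 2548 2.3.2):
// Ident, Flags, 16-octet Peer-Challenge, 8 reserved octets, 24-octet
// NT-Response; 50 octets in all.
func buildMSCHAP2Response(ident byte, peerChallenge [16]byte, ntResponse [24]byte) []byte {
	attr := make([]byte, 50)
	attr[0] = ident // Flags at attr[1] stay zero for MS-CHAPv2
	copy(attr[2:18], peerChallenge[:])
	copy(attr[26:50], ntResponse[:])
	return attr
}

// verifyMSCHAP2Response is the server-side check: take the peer challenge at
// offset 2 and the NT-Response at offset 26 (the offsets the patches in this
// thread use), recompute the expected response from the authenticator
// challenge, user name and stored NT hash, and compare in constant time.
func verifyMSCHAP2Response(authChallenge [16]byte, userName string, ntHash [16]byte, attr []byte) (bool, error) {
	if len(attr) != 50 {
		return false, fmt.Errorf("MS-CHAP2-Response is %d octets, want 50", len(attr))
	}
	var peerChallenge [16]byte
	copy(peerChallenge[:], attr[2:18])
	expected := challengeResponse(challengeHash(peerChallenge, authChallenge, userName), ntHash)
	return subtle.ConstantTimeCompare(expected[:], attr[26:50]) == 1, nil
}

// mustHex decodes a hex constant or panics; used only for the fixed vectors.
func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// rfc2759Vectors returns the RFC 2759 section 9.2 inputs for user "User",
// password "clientPass": PeerChallenge, AuthenticatorChallenge, PasswordHash.
func rfc2759Vectors() (peer, auth, ntHash [16]byte) {
	copy(peer[:], mustHex("21402324255E262A28295F2B3A337C7E"))
	copy(auth[:], mustHex("5B5D7C7D7B3F2F3E3C2C602132262628"))
	copy(ntHash[:], mustHex("44EBBA8D5312B8D611474411F56989AE"))
	return
}

func main() {
	peer, auth, ntHash := rfc2759Vectors()
	// Print the same intermediate values the CHAPDBG lines print, so the
	// output of two machines can be diffed step by step.
	challenge := challengeHash(peer, auth, "User")
	fmt.Printf("CHAPDBG: challenge  %X\n", challenge[:])
	ntResponse := challengeResponse(challenge, ntHash)
	fmt.Printf("CHAPDBG: calculated %X\n", ntResponse[:])
	ok, err := verifyMSCHAP2Response(auth, "User", ntHash, buildMSCHAP2Response(0, peer, ntResponse))
	fmt.Println("verified:", ok, err)
}
```

With the RFC vectors the derived challenge is D02E4386BCE91226 and the NT-Response is 82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF; a build whose output first disagrees at the challenge line has a SHA1 problem, as the logs above show, while one that agrees there but differs at "calculated" has a DES or key-expansion problem.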
Re: FreeRADIUS and mschapv2 problems
On Thu, May 27, 2004 at 01:55:52PM -0400, Alan DeKok wrote:
> If that doesn't work, then I think there's something wrong with your
> local install. Try it on another machine, and see if it's any
> better.

I have, in fact. You're not going to like the answer - it seems that current rlm_mschap isn't endian-clean.

I've emptied all of the conf to have only PAP/CHAP/MSCHAP authorization and a cleartext user/password pair in the users file. I've tried again on that machine (Compaq Alpha DS10 with Linux 2.4.26) with no luck. I've copied that *exact* configuration to two other x86-based machines with the same 0.9.3 Debian packages - and all works there. I've copied that configuration again to another Alpha-based server (an older DEC AlphaStation 2/2100) and *surprise* it isn't working there.

Since I've tried both CVS and 0.9.3 versions with no luck, it seems that's either something to do with the kernel (which I doubt, since I've turned off all protection for freeradius, just in case) or the code or the SSL functions you're using (SHA1 encryption, if I'm correct).

-- 
Dinko 'kreator' Korunic
Re: FreeRADIUS and mschapv2 problems
On Thu, May 27, 2004 at 08:20:25PM +0200, M.Jessa wrote:
> Don't use md5 or any other hashing protocol creating mysql passwords.
> You will not be able to authenticate incoming MS-CHAPv2 connections
> (already encrypted).

I thought that's obvious - yes, I have cleartext passwords. If I didn't have, the stated protocols wouldn't work..

-- 
Dinko 'kreator' Korunic
Re: FreeRADIUS and mschapv2 problems
Hello Dinko,

Wednesday, May 26, 2004, 11:14:51 PM, you wrote:

DK> Hi. I've been using FreeRadius recent CVS version to authenticate
DK> wireless Windows XP/2k users via EAP and Cisco AP1000 series. I've so
DK> far succeeded in EAP/TLS and EAP/TTLS, as well as with non-EAP modules
DK> (PAP and CHAP) just to test if it is all properly set up.

DK> However, I'm failing with EAP/PEAP. Certificates are fine (as stated
DK> above), however MS-CHAPv2 (rlm_mschap) seems to be causing problems:

DK> rlm_eap: Request found, released from the list
DK> rlm_eap: EAP/mschapv2
DK> rlm_eap: processing type mschapv2
DK> Processing the authenticate section of radiusd.conf
DK> modcall: entering group Auth-Type for request 6

Hi. Don't use md5 or any other hashing protocol creating mysql passwords. You will not be able to authenticate incoming MS-CHAPv2 connections (already encrypted).

DK> rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
DK> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

DK> Passwords are stored in MySQL, but they're proven to be read correctly
DK> (and I've tried with users file too).

DK> I've read this list archives thoroughly, and I've tried most of the stuff
DK> people were reporting. Is there anything else I could check? Should I
DK> try with NT-hashed passwords? Should I try with auth_ntlm to debug chap
DK> responses?

DK> TIA.

-- 
Best regards,
M.Jessa  mailto:[EMAIL PROTECTED]
Re: FreeRADIUS and mschapv2 problems
Dinko Korunic <[EMAIL PROTECTED]> wrote:
> > Are you sure you're running the latest CVS snapshot?
>
> Yeps, taken from CVS these days:

Hmmm.. try:

User-Name = "aland"
MS-CHAP-Challenge = 0x06bc3119daab4d9bb26be8d3ae4d958b616c616e64
MS-CHAP2-Response = 0x54002726aa4c6f5935925a8c659c4c476e5fe0630fa5b3284eb1c9e06b824c50c20fd23eb9305b1c1d38

The clear-text password is "aland".

If that doesn't work, then I think there's something wrong with your local install. Try it on another machine, and see if it's any better.

Alan DeKok.
Re[3]: FreeRADIUS and mschapv2 problems
Dear 3APA3A,

--Thursday, May 27, 2004, 8:29:05 PM, you wrote to [EMAIL PROTECTED]:

3> Buffer hash nthash, additional md4() is required to get nthashhash from
3> nthash.

Typo. I mean buffer _has_ (contains) nthash; to convert nthash to nthashhash an additional MD4 is required.

-- 
~/ZARAZA
While you are in the hands of providence, you will not manage to die before your time. (Twain)
Re[2]: FreeRADIUS and mschapv2 problems
Dear Dinko Korunic,

--Thursday, May 27, 2004, 4:31:17 PM, you wrote to [EMAIL PROTECTED]:

DK> NAS-IP-Address (4), Length: 6, Data: [# 3251018014] / [IP 127.0.0.2], 0xC1C6991E
DK> User-Name (1), Length: 6, Data: [test], [# 1952805748] / [IP 116.101.115.116], 0x74657374
DK> How that *invalid* IP happened to be there? Isn't that a bug? From all the
DK> info, seems that latest rlm_chap isn't working properly with MSCHAPv2. Is there
DK> anything I can do?

It's the same problem. NAS-IP-Address has a length of 6 bytes, but it must be 4. Ask the client software developers to correct this.

-- 
~/ZARAZA
I alone exist, flying nowhere. (Lem)
Re[2]: FreeRADIUS and mschapv2 problems
Dear Dinko Korunic,

--Thursday, May 27, 2004, 4:31:17 PM, you wrote to [EMAIL PROTECTED]:

DK> User-Name (1), Length: 6, Data: [test], [# 1952805748] / [IP 116.101.115.116], 0x74657374

Look at Length carefully. It must be 4 bytes, not 6; probably it's a bug in your client. Unlike MS-CHAPv1, MS-CHAPv2 uses the username in the response calculation. Your client adds some noise (probably nulls) to the username, and probably uses the additional bytes in the response calculation (Java uses no NULLs in strings) while FreeRADIUS ignores trailing NULLs.

-- 
~/ZARAZA
Man is a mystery... I am occupied with this mystery in order to be a man. (Dostoevsky)
Re[2]: FreeRADIUS and mschapv2 problems
Dear Alan DeKok,

there is a bug in MS-CHAPv2 if do_ntlm_auth is configured:

	/*
	 * Update the NT hash hash, from the NT key.
	 */
	if (hex2bin(buffer + 8, nthashhash, 16) != 16) {

Buffer hash nthash, additional md4() is required to get nthashhash from nthash. I don't understand why the nthashhash computation is moved to do_mschap, because it's only required in MS-CHAPv2. I have no chance to test, so I do not risk applying a patch by myself. This bug has nothing to do with the problems discussed.

--Thursday, May 27, 2004, 6:36:49 PM, you wrote to [EMAIL PROTECTED]:

AD> Dinko Korunic <[EMAIL PROTECTED]> wrote:
>> Unfortunately, I can confirm that I've been unsucessful with 4 different
>> Windows boxes using MSCHAPv2 which have been using Java RADIUS client as
>> well as XP supplicant (as well as SecureW2 supplicant). Yet, they're all
>> working fine with MD5/CHAP/MSCHAPv1/PAP.. It could be my mistake, but
>> I'm slightly running out of ideas what to do.

AD> I've tested with the latest CVS snapshot, using a copy of an
AD> MS-CHAPv2 session I've had sitting around for months, and which was
AD> taken from a non-FreeRADIUS client. It works for me.

AD> Are you sure you're running the latest CVS snapshot?

AD> Alan DeKok.

-- 
~/ZARAZA
But most important of all is the algorithm! (Lem)
Re: FreeRADIUS and mschapv2 problems
On Thu, May 27, 2004 at 10:36:49AM -0400, Alan DeKok wrote:
> I've tested with the latest CVS snapshot, using a copy of an
> MS-CHAPv2 session I've had sitting around for months, and which was
> taken from a non-FreeRADIUS client. It works for me.
>
> Are you sure you're running the latest CVS snapshot?

Yeps, taken from CVS these days:

static const char rcsid[] = "$Id: rlm_mschap.c,v 1.58 2004/05/25 19:08:48 aland Exp $";

Here's some debug info from code I've added in the mschap module. Please tell me if it helps you:

rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
rlm_mschap: peer challenge 43, our challenge 53, username test, chapv1 challenge 6
rlm_mschap: password c5, response a6, calculated c1
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Source is here:

diff -u -r1.58 rlm_mschap.c --- rlm_mschap.c25 May 2004 19:08:48 - 1.58 +++ rlm_mschap.c27 May 2004 15:27:11 - @@ -709,6 +709,7 @@ } lrad_mschap(password->strvalue, challenge, calculated); + DEBUG2(" rlm_mschap: password %x, response %x, calculated %x", *(password->strvalue), *response, *calculated); if (memcmp(response, calculated, 24) != 0) { return -1; } @@ -1190,6 +1191,7 @@ DEBUG2(" rlm_mschap: Told to do MS-CHAPv2 for %s with NT-Password", username_string); + DEBUG2(" rlm_mschap: peer challenge %x, our challenge %x, username %s, chapv1 challenge %x", *(response->strvalue + 2), *(challenge->strvalue), username_string, *mschapv1_challenge); if (do_mschap(inst, request, nt_password, mschapv1_challenge, response->strvalue + 26, nthashhash) < 0) {

-- 
Dinko 'kreator' Korunic
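Review bot: in the do_mschap() hunk (`@@ -709,6 +709,7 @@`), `*(password->strvalue)`, `*response` and `*calculated` each dereference only the first octet of the buffer, so the resulting line `password c5, response a6, calculated c1` carries one byte per value and cannot show where the 24-octet `memcmp()` two lines below diverges; hex-encode the full 16-, 24- and 24-octet buffers before logging (as the later CHAPDBG patch in this thread does). Printing any part of the NT hash, even one octet, also belongs in a throwaway build only.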
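Review bot: the same single-octet problem applies to the MS-CHAPv2 hunk (`@@ -1190,6 +1191,7 @@`): `*(response->strvalue + 2)`, `*(challenge->strvalue)` and `*mschapv1_challenge` print one octet each of the 16-octet peer challenge, the 16-octet authenticator challenge and the 8-octet derived challenge. Since the derived challenge is SHA1(peer || auth || username) truncated to 8 octets, a full dump of all three inputs and of the derived value is what makes two machines' logs diffable; the single bytes `43`, `53` and `6` shown in the log above cannot localise the fault. Splitting the long DEBUG2 format string across lines would also keep it within the file's line width.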
Re: FreeRADIUS and mschapv2 problems
Dinko Korunic <[EMAIL PROTECTED]> wrote:
> Unfortunately, I can confirm that I've been unsucessful with 4 different
> Windows boxes using MSCHAPv2 which have been using Java RADIUS client as
> well as XP supplicant (as well as SecureW2 supplicant). Yet, they're all
> working fine with MD5/CHAP/MSCHAPv1/PAP.. It could be my mistake, but
> I'm slightly running out of ideas what to do.

I've tested with the latest CVS snapshot, using a copy of an MS-CHAPv2 session I've had sitting around for months, and which was taken from a non-FreeRADIUS client. It works for me.

Are you sure you're running the latest CVS snapshot?

Alan DeKok.
Re: FreeRADIUS and mschapv2 problems
On Thu, May 27, 2004 at 09:44:35AM -0400, Alan DeKok wrote:
> Others are using MSCHAPv2 with the latest CVS snapshots. Are you
> sure that the client is OK?

Unfortunately, I can confirm that I've been unsuccessful with 4 different Windows boxes using MSCHAPv2 which have been using the Java RADIUS client as well as the XP supplicant (as well as the SecureW2 supplicant). Yet, they're all working fine with MD5/CHAP/MSCHAPv1/PAP.. It could be my mistake, but I'm slightly running out of ideas what to do. I'll try to add some debug into rlm_mschap and see what is exactly happening.

> Look at it more closely. Whatever packet sniffer you're using is
> crappy. It's printing out the username "test" as though it was an IP
> address. Note that the first and last numbers are the same, and map
> to the ASCII value for 't'.

Yeps, you're absolutely right - seems like a bug in that Java client. Though, it is just an end-point packet dump.

-- 
Dinko 'kreator' Korunic
Re: FreeRADIUS and mschapv2 problems
Dinko Korunic <[EMAIL PROTECTED]> wrote:
> Using the radauth (Java-based demo RADIUS client available from
> http://www.axlradius.com), I've been able to narrow down the already
> described problem:
> * auth types of PAP, CHAP, EAPMD5, MSCHAP (v1) work fine,
> * auth type of MSCHAPv2 doesn't work.

Others are using MSCHAPv2 with the latest CVS snapshots. Are you sure that the client is OK?

> I'm especially confused with the following data, extracted from the RADIUS response:
>
> User-Name (1), Length: 6, Data: [test], [# 1952805748] / [IP 116.101.115.116], 0x74657374
>
> How that *invalid* IP happened to be there?

Look at it more closely. Whatever packet sniffer you're using is crappy. It's printing out the username "test" as though it was an IP address. Note that the first and last numbers are the same, and map to the ASCII value for 't'.

Alan DeKok.
Re: FreeRADIUS and mschapv2 problems
On Wed, May 26, 2004 at 11:14:51PM +0200, Dinko Korunic wrote:
> I've read this list archives throughly, and I've tried most of the stuff
> people were reporting. Is there anything else I could check? Should I
> try with NT-hashed passwords? Should I try with auth_ntlm to debug chap
> responses?

I'm posting the additional info on MSCHAPv2 problems with the latest FreeRADIUS CVS.. in the hope someone (Mr. DeKok?) would help me.

Using the radauth (Java-based demo RADIUS client available from http://www.axlradius.com), I've been able to narrow down the already described problem:
* auth types of PAP, CHAP, EAPMD5, MSCHAP (v1) work fine,
* auth type of MSCHAPv2 doesn't work.

I'm positive I'm not sending any domain name, as the following logs show (I've changed real IPs and DNS labels):

First, I'll try sending an MSCHAPv1 request:

c:\Program Files\ntradping\theorem\radius3\examples\radauth>"C:\Program Files\Java\j2re1.4.1_02\\bin\java.exe" -classpath "..\..\radclient3.jar" com.theorem.radius3.radutil.radauth test test123 MSCHAP testhost 1 musaka
Radtest running RADIUS client version 3.28 Non-Random Demonstration Version

Authentication ---
Authenticating: test test123
Sending to server testhost:1812
Sending Attributes:
NAS-IP-Address (4), Length: 6, Data: [# 3251018014] / [IP 127.0.0.2], 0xC1C6991E
NAS-Port (5), Length: 6, Data: [# 1], 0x0001

<81> --- Request Packet - <81>
Address: 127.0.0.1:1812
Packet Length: 112
Type: Access-Request(1)
01 51 00 70 52 53 54 55 - 56 57 58 59 5A 5B 5C 5D
5E 5F 60 61 04 06 C1 C6 - 99 1E 05 06 00 00 00 01
1A 10 00 00 01 37 0B 0A - 62 63 00 01 02 03 04 05
1A 3A 00 00 01 37 01 34 - 15 01 C4 26 DC 63 E3 B2
CA 1F 07 48 91 B1 B9 F3 - 0B 3C 14 A3 22 BB A8 E3
15 B3 5F 88 EA E1 79 07 - 2B B4 B0 2C 5C 3D 19 54
54 36 0D 64 95 B8 00 04 - 3C EB 01 06 74 65 73 74

Attributes:
NAS-IP-Address (4), Length: 6, Data: [# 3251018014] / [IP 127.0.0.2], 0xC1C6991E
NAS-Port (5), Length: 6, Data: [# 1], 0x0001
Vendor-Specific ID: Microsoft (311), VSA Count: 1
  MS-CHAP-Challenge (11), Length: 10, Data: 0x6263000102030405
Vendor-Specific ID: Microsoft (311), VSA Count: 1
  MS-CHAP-Response (1), Length: 52, Data: 0x1501C426DC63E3B2CA1F074891B1B9F30B3C14A322BBA8E315B35F88EAE179072BB4B02C5C3D195454360D6495B800043CEB
User-Name (1), Length: 6, Data: [test], [# 1952805748] / [IP 116.101.115.116], 0x74657374
<81> ---

<81> --- Response Packet - <81>
Address: 127.0.0.1:1812
Packet Length: 84
Type: Access-Accept(2)
02 51 00 54 07 85 18 11 - A2 D3 DF ED FC 2D AC 3B
21 0C C2 10 1A 28 00 00 - 01 37 0C 22 A5 37 48 30
DF 9E 11 F7 16 21 2A B1 - B0 FF EC 7F BE 29 8E E0
A7 4E 61 D8 3A 29 CD FB - 2A 36 6D 08 1A 0C 00 00
01 37 07 06 00 00 00 01 - 1A 0C 00 00 01 37 08 06
00 00 00 06 00 00 00 00 - 00 00 00 00 00 00 00 00

Attributes:
Vendor-Specific ID: Microsoft (311), VSA Count: 1
  MS-CHAP-MPPE-Keys (12), Length: 34, Data: 0xA5374830DF9E11F716212AB1B0FFEC7FBE298EE0A74E61D83A29CDFB2A366D08
Vendor-Specific ID: Microsoft (311), VSA Count: 1
  MS-MPPE-Encryption-Policy (7), Length: 6, Data: [# 1 (PPP)], 0x0001
Vendor-Specific ID: Microsoft (311), VSA Count: 1
  MS-MPPE-Encryption-Types (8), Length: 6, Data: [# 6], 0x0006
<81> ---

Authenticated
Attributes returned from server:
Vendor-Specific ID: Microsoft (311), VSA Count: 1
  MS-CHAP-MPPE-Keys (12), Length: 34, Data: 0xA5374830DF9E11F716212AB1B0FFEC7FBE298EE0A74E61D83A29CDFB2A366D08
Vendor-Specific ID: Microsoft (311), VSA Count: 1
  MS-MPPE-Encryption-Policy (7), Length: 6, Data: [# 1 (PPP)], 0x0001
Vendor-Specific ID: Microsoft (311), VSA Count: 1
  MS-MPPE-Encryption-Types (8), Length: 6, Data: [# 6], 0x0006

FreeRADIUS logs show us the success:

modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: Told to do MS-CHAPv1 with NT-Password
modcall[authenticate]: module "mschap" returns ok for request 6
modcall: group Auth-Type returns ok for request 6
Login OK: [test] (from client testgate port 1)
Sending Access-Accept of id 91 to 127.0.0.2:3507

Let us now send an MSCHAPv2 request:

c:\Program Files\ntradping\theorem\radius3\examples\radauth>"C:\Program Files\Java\j2re1.4.1_02\\bin\java.exe" -classpath "..\..\radclient3.jar" com.theorem.radius3.radutil.radauth test test123 MSCHAP2 testhost 1 musaka
Radtest running RADIUS client version 3.28 Non-Random Demonst
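The Access-Request bytes from the dump above, parsed by a small RFC 2865 attribute walker with the Vendor-Specific sub-format (RFC 2865 section 5.26). This is an added example, not code from the thread, from the radauth tool or from FreeRADIUS; the type and function names are mine. It shows what the confusing dump lines mean: an attribute's Length field counts its own two header octets, so the 4-octet NAS-IP-Address and the 4-character User-Name "test" both carry Length 6 on the wire, and rendering a 4-octet value as an IP address is purely the dump tool's display choice, since the Type octet decides what the value is. The packet is embedded as a hex constant copied from the request dump.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Attribute is one RFC 2865 attribute: Type (1 octet), Length (1 octet,
// counting Type and Length themselves) and Value, so a 4-octet value such as
// NAS-IP-Address travels with Length 6.
type Attribute struct {
	Type  byte
	Value []byte
}

// VSA is the payload of a Vendor-Specific attribute in the recommended
// layout: Vendor-Id (4 octets), Vendor-Type, Vendor-Length (again including
// its own two octets) and the vendor value.
type VSA struct {
	VendorID   uint32
	VendorType byte
	Value      []byte
}

const (
	attrUserName       = 1
	attrNASIPAddress   = 4
	attrVendorSpecific = 26
	vendorMicrosoft    = 311
)

// parsePacket checks the 20-octet header (Code, Identifier, Length,
// Authenticator) and walks the attribute list, rejecting any attribute whose
// Length is shorter than its header or would run past the packet.
func parsePacket(pkt []byte) (code, id byte, attrs []Attribute, err error) {
	if len(pkt) < 20 {
		return 0, 0, nil, errors.New("packet shorter than the RADIUS header")
	}
	length := int(binary.BigEndian.Uint16(pkt[2:4]))
	if length < 20 || length > len(pkt) {
		return 0, 0, nil, fmt.Errorf("bad packet Length %d for %d octets", length, len(pkt))
	}
	rest := pkt[20:length]
	for len(rest) > 0 {
		if len(rest) < 2 || int(rest[1]) < 2 || int(rest[1]) > len(rest) {
			return 0, 0, nil, errors.New("malformed attribute Length")
		}
		l := int(rest[1])
		attrs = append(attrs, Attribute{Type: rest[0], Value: rest[2:l]})
		rest = rest[l:]
	}
	return pkt[0], pkt[1], attrs, nil
}

// parseVSA decodes the first vendor sub-attribute of a Vendor-Specific value.
func parseVSA(value []byte) (VSA, error) {
	if len(value) < 6 {
		return VSA{}, errors.New("Vendor-Specific value too short")
	}
	vl := int(value[5])
	if vl < 2 || 4+vl > len(value) {
		return VSA{}, errors.New("bad Vendor-Length")
	}
	return VSA{VendorID: binary.BigEndian.Uint32(value[0:4]), VendorType: value[4], Value: value[6 : 4+vl]}, nil
}

// describe renders an attribute with the interpretation its Type dictates and
// the wire Length (len(Value)+2), which is what the dump tool shows.
func describe(a Attribute) string {
	l := len(a.Value) + 2
	switch a.Type {
	case attrUserName:
		return fmt.Sprintf("User-Name(1) len %d: %q", l, a.Value)
	case attrNASIPAddress:
		if len(a.Value) == 4 {
			return fmt.Sprintf("NAS-IP-Address(4) len %d: %d.%d.%d.%d", l, a.Value[0], a.Value[1], a.Value[2], a.Value[3])
		}
	case attrVendorSpecific:
		if v, err := parseVSA(a.Value); err == nil {
			return fmt.Sprintf("Vendor-Specific(26) len %d: vendor %d type %d, %d octets: %X", l, v.VendorID, v.VendorType, len(v.Value), v.Value)
		}
	}
	return fmt.Sprintf("type %d len %d: %X", a.Type, l, a.Value)
}

// accessRequestHex is the MS-CHAPv1 Access-Request from the dump above.
const accessRequestHex = `
01 51 00 70 52 53 54 55 56 57 58 59 5A 5B 5C 5D
5E 5F 60 61 04 06 C1 C6 99 1E 05 06 00 00 00 01
1A 10 00 00 01 37 0B 0A 62 63 00 01 02 03 04 05
1A 3A 00 00 01 37 01 34 15 01 C4 26 DC 63 E3 B2
CA 1F 07 48 91 B1 B9 F3 0B 3C 14 A3 22 BB A8 E3
15 B3 5F 88 EA E1 79 07 2B B4 B0 2C 5C 3D 19 54
54 36 0D 64 95 B8 00 04 3C EB 01 06 74 65 73 74`

func accessRequest() []byte {
	b, err := hex.DecodeString(strings.NewReplacer(" ", "", "\n", "").Replace(accessRequestHex))
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	code, id, attrs, err := parsePacket(accessRequest())
	if err != nil {
		panic(err)
	}
	fmt.Printf("code %d id %d, %d attributes\n", code, id, len(attrs))
	for _, a := range attrs {
		fmt.Println(" ", describe(a))
	}
}
```

The walker treats the Length octet as untrusted and refuses an attribute that would read past the packet, which is the check a server needs before it hands a value to a module like rlm_mschap; the 50-octet MS-CHAP-Response inside the 58-octet Vendor-Specific attribute comes out exactly as the dump tool reports it.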
FreeRADIUS and mschapv2 problems
Hi. I've been using FreeRadius recent CVS version to authenticate wireless Windows XP/2k users via EAP and Cisco AP1000 series. I've so far succeeded in EAP/TLS and EAP/TTLS, as well as with non-EAP modules (PAP and CHAP) just to test if it is all properly set up.

However, I'm failing with EAP/PEAP. Certificates are fine (as stated above); however, MS-CHAPv2 (rlm_mschap) seems to be causing problems:

rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Passwords are stored in MySQL, but they're proven to be read correctly (and I've tried with the users file too).

I've read this list's archives thoroughly, and I've tried most of the stuff people were reporting. Is there anything else I could check? Should I try with NT-hashed passwords? Should I try with auth_ntlm to debug chap responses?

TIA.

-- 
Dinko 'kreator' Korunic