Re: Feeding ntlm_auth based on request environment variables

Thomas Boutell <boutell@boutell.com> wrote:
> OK, I've made tons of progress. Now I'm trying to run ntlm_auth from
> my own wrapper script, as suggested here. And I'm hitting a wall:
> The FreeRADIUS ntlm_auth module runs ntlm_auth with a parameter I can't
> find anywhere in the environment of my exec script.

Some of the MSCHAP stuff is calculated dynamically inside of the
server.

The MS-CHAP challenge & response data needed by ntlm_auth is packed
into the MS-CHAP-Challenge attributes. To get at them, you need to
run your script like this:

/path/to/script %{mschap:Challenge} %{mschap:NT-Response}

Then $1 and $2 will be set to the challene & response data.

> Can I really feed ntlm_auth myself based on the exec environment
> variables? Do I need to perform some sort of hash magic? Help! Thanks.

Yes, it's hash magic.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html