X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=README.MSCHAP80;h=3fcd56684b76808e103523500322fdfa1efa784e;hp=fe7a019416dd70032500244bdf302d75fff565e5;hb=b53fa9272988e0ace18b07c689ab2a8f7765e5fe;hpb=c062322f9e8757b85a3c2281a3190d8af14bcd9b diff --git a/README.MSCHAP80 b/README.MSCHAP80 index fe7a019..3fcd566 100644 --- a/README.MSCHAP80 +++ b/README.MSCHAP80 @@ -162,7 +162,7 @@ Assuming that everything else has been configured correctly for PPP and CHAP, the MS-CHAP-specific problems you're likely to encounter are mostly related to your Windows NT account and its settings. A Microsoft server returns error codes in its CHAP response. The following are extracted from -Microsoft's "chapexts.txt" file referenced above: +RFC 2433: 646 ERROR_RESTRICTED_LOGON_HOURS 647 ERROR_ACCT_DISABLED @@ -192,76 +192,6 @@ from the other end. If you see pppd sending out LCP config requests without getting any reply, try putting something in your chat script to send the word CLIENT after the modem has connected. -If everything compiles cleanly, but fails at authentication time, then -it might be a case of the MD4 or DES code screwing up. The following -small program can be used to test the MS-CHAP code to see if it -produces a known response: - ------------------ -#include - -#include "pppd.h" -#include "chap.h" -#include "chap_ms.h" - -int main(argc, argv) - int argc; - char *argv[]; -{ - u_char challenge[8]; - int challengeInt[sizeof(challenge)]; - chap_state cstate; - int i; - - if (argc != 3) { - fprintf(stderr, "Usage: %s <16-hexchar challenge> \n", - argv[0]); exit(1); - } - - sscanf(argv[1], "%2x%2x%2x%2x%2x%2x%2x%2x", - challengeInt + 0, challengeInt + 1, challengeInt + 2, - challengeInt + 3, challengeInt + 4, challengeInt + 5, - challengeInt + 6, challengeInt + 7); - - for (i = 0; i < sizeof(challenge); i++) - challenge[i] = (u_char)challengeInt[i]; - - ChapMS(&cstate, challenge, sizeof(challenge), argv[2], strlen(argv[2])); - printf("Response length is %d, response is:", cstate.resp_length); - - for (i = 0; i < cstate.resp_length; i++) { - if (i % 8 == 0) - putchar('\n'); - printf("%02X ", (unsigned int)cstate.response[i]); - } - - putchar('\n'); - - exit(0); -} -------------- - -This needs to link against chap_ms.o, md4.o, and the DES library. When -you run it with the command line: - - $ testchap 00000000000000000000000000000000 hello - -it should output the following: - - Response length is 49, response is: - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - F4 D9 9D AF 82 64 DC 3C - 53 F9 BC 92 14 B5 5D 9E - 78 C4 21 48 9D B7 A8 B4 - 01 - -if not, then either the DES library is not working, the MD4 code isn't -working, or there are some problems with the port of the code in -chap_ms.c. - - STILL TO DO A site using only MS-CHAP to authenticate has no need to store cleartext