Multiotp can not get "NT_KEY"
Hello.
I'm trying to setup multiOTP + FreeRADIUS on CentOS 7.
When I run "radtest -t mschap testuser 12345 127.0.0.1 0 testing123"
multiotpmschap module returns "Invalid output from ntlm_auth: expecting 'NT_KEY: ' prefix"
However, accoding to debug message of FreeRADIUS, NT_KEY is sent to the RADIUS server.
here is the debug message of FreeRADIUS
--------------------------------------
PHP Warning: Module 'mbstring' already loaded in Unknown on line 0
(2) multiotpmschap: Program returned code (0) and output
' LOG 2018-01-31 05:02:56 debug Debug Debug: *parameter(s) received: testuser -request-nt-key -src=127.0.0.1 -chap-challenge= -chap-password= -ms-chap-challenge=0xe97a929a59d92dad -ms-chap-response=0x00010000000000000000000000000000000000000000000000005b75a41bac340aaf047b4c89de0aa20756fbcc9baf3ebb6c -ms-chap2-response= from 127.0.0.1
LOG 2018-01-31 05:02:56 notice (user testuser) User OK: User testuser successfully logged in with TOTP token from 127.0.0.1 0 *OK: Token accepted
LOG 2018-01-31 05:02:56 debug Debug Debug: *Attributes sent to the RADIUS server: NT_KEY: E006844848290D66C085C096E8982A56 from 127.0.0.1 NT_KEY: E006844848290D66C085C096E8982A56 '
(2) multiotpmschap: ERROR: Invalid output from ntlm_auth: expecting 'NT_KEY: ' prefix
(2) multiotpmschap: ERROR: MS-CHAP2-Response is incorrect
--------------------------------------
My goal is to connect 802.1X network, entering username and one_time_password. (donot need ActiveDirectory password)
I syncd multiotp users from Active Directory, and /usr/bin/ntlm_auth is OK.
I thought problem is coused by encoding.
Becouse I set [mbstring.internal_encoding] of /etc/php.ini "UTF-8"
but multiotp write in EUC,
so I changed php.ini to EUC, but not effected...
Why multiotpmschap module cannot see NT_KEY ?
[Products versions]
CentOS Linux release 7.4.1708 (Core)
multiOTP 5.0.4.8
freeradius.x86_64 3.0.13-8.el7_4
PHP Version 5.4.16
Thanks.
This discussion has been closed.
Comments