Managing to get Password from EAP-Message as part of NPS Authentication DLL

  • Question

  • Hi,

    We are currently involved in a project which requires authentication to be done using a local database, instead of using the (NPS + Active Directory) combination for user authentication through RADIUS.

    When we took a Wireshark snapshot of the RADIUS exchanges (for the EAP over RADIUS use case), we saw the EAP-Message being exchanged between NPS and the NAS Server.  This header value is also shipped to our Extension Authentication DLL by NPS.

    We want to know what is expected to be the content of this EAP-Message header? 

    The content seems to contain <some secret code><SPACE><username>.  We want to know the significance of the content.

    We want to get the cleartext password out of this content for validating with our local database to 'allow' or 'reject' the user.  Is it possible at all?  If yes, please let us know the procedure.

    Our snapshot of RADIUS Attributes showed something like this inside our Authentication DLL:

        cbSize         = 32
        dwVersion      = 1
        repPoint       = repAuthentication
        rcRequestType  = 1:rcAccessRequest
        rcResponseType = 0:rcUnknown

         0]  12:FramedMTU  3:Integer  L=4   0x000005C8 (1480)
         1]   4:NASIPAddre 2:Address  L=4
         2]  32:NASIdentif 1:String   L=22  "Switch 5406"
         3]   1:UserName   1:String   L=8   "pravekum"
         4]   6:ServiceTyp 3:Integer  L=4   0x00000002 (2)
         5]   7:FramedProt 3:Integer  L=4   0x00000001 (1)
         6]   5:NASPort    3:Integer  L=4   0x0000000F (15)
         7]  61:NASPortTyp 3:Integer  L=4   0x0000000F (15)
         8]  87:<unknown>  1:String   L=3   "A15"
         9]  30:CalledStat 1:String   L=17  "00-1f-28-50-4f-00"
        10]  31:CallingSta 1:String   L=17  "00-1f-28-50-4f-00"
        11]  77:<unknown>  1:String   L=37  "CONNECT Ethernet 1000Mbps Full duplex"
        12]  64:TunnelType 3:Integer  L=4   0x0000000D (13)
        13]  65:MediumType 3:Integer  L=4   0x00000006 (6)
        14]  81:TunnelPriv 1:String   L=4   "2865"
        15]  79:<unknown>  1:String   L=13  0201000D01 "pravekum"
        16]  80:<unknown>  1:String   L=16  49396719F1E804313DD453D1E81B9508
        17] 265:SrcIPAddre 2:Address  L=4
        18] 266:SrcPort    3:Integer  L=4   0x0000FBB7 (64439)
        19] 263:Identifier 3:Integer  L=4   0x00000028 (40)
        20] 264:Authentica 1:String   L=16  AFB6CD73F3219B85D21074DFE2B74208
        21] 267:Provider   3:Integer  L=4   0x00000003 (3)
        22] 275:CRPPolicyN 1:String   L=41  "Use Windows authentication for all users"
        23] 268:StrippedUs 1:String   L=13  "TMS\pravekum"
        24] 269:FQUserName 1:String   L=13  "TMS\pravekum"
        24]  26:VendorSpec 1:String   L=10  vid=MS vt=9 vL=4 0000000B
        26] 271:UniqueId   3:Integer  L=4   0x0000000F (15)

    Thanks and Regards


    Friday, October 22, 2010 11:41 AM
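
The value of attribute 79 (EAP-Message) in the dump above, `0201000D01 "pravekum"`, follows the EAP packet layout of RFC 3748: code, identifier, 16-bit length, type, then type-data. The C sketch below is an added example, not code from the original post or from NPS; it decodes those 13 bytes as an EAP-Response/Identity whose type-data is the identity string. The struct and function names are hypothetical and the sample bytes are copied from the dump.

```c
/* Added example: decode the RFC 3748 EAP header carried in RADIUS
   attribute 79 (EAP-Message). Struct and function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EAP_REQUEST = 1, EAP_RESPONSE = 2, EAP_SUCCESS = 3, EAP_FAILURE = 4 };
enum { EAP_TYPE_IDENTITY = 1 };

typedef struct {
    uint8_t  code;        /* 1=Request 2=Response 3=Success 4=Failure */
    uint8_t  id;          /* matches a response to its request */
    uint16_t length;      /* whole packet, big-endian on the wire */
    uint8_t  type;        /* present only for Request/Response */
    const uint8_t *data;  /* type-data, not NUL-terminated */
    size_t   data_len;
} eap_packet;

/* Returns 0 on success, -1 if the buffer is not a well-formed EAP packet. */
int eap_parse(const uint8_t *buf, size_t len, eap_packet *out)
{
    if (buf == NULL || out == NULL || len < 4) return -1;
    memset(out, 0, sizeof *out);
    out->code = buf[0];
    out->id = buf[1];
    out->length = (uint16_t)((buf[2] << 8) | buf[3]);
    /* Never trust the embedded length beyond what was actually received. */
    if (out->length < 4 || out->length > len) return -1;
    if (out->code == EAP_REQUEST || out->code == EAP_RESPONSE) {
        if (out->length < 5) return -1;   /* type octet is mandatory here */
        out->type = buf[4];
        out->data = buf + 5;
        out->data_len = (size_t)out->length - 5;
    }
    return 0;
}

/* Attribute 79 from the dump: 02 01 00 0D 01 "pravekum" (L=13). */
static const uint8_t sample_attr79[] = {
    0x02, 0x01, 0x00, 0x0D, 0x01, 'p', 'r', 'a', 'v', 'e', 'k', 'u', 'm'
};

int main(void)
{
    eap_packet p;
    if (eap_parse(sample_attr79, sizeof sample_attr79, &p) != 0) return 1;
    printf("code=%u id=%u length=%u type=%u identity=%.*s\n", p.code, p.id,
           p.length, p.type, (int)p.data_len, (const char *)p.data);
    return 0;
}
```

An EAP packet larger than one RADIUS attribute is split across several EAP-Message attributes (RFC 3579), so an extension DLL has to concatenate them in order before parsing.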

All replies