RE: MSChapSrvChangePassword2()

From: Mike Bean (bean_at_lucent.com)
Date: 09/09/03


Date: Tue, 9 Sep 2003 12:14:20 -0700


I tried sending NT parameters in for the LM and setting
LmPresent to false but I still get the error 997.

I would love to send you some code but I will need to
convert some Java code to C. Current test scenario has
Java creating parameters and passing to C via JNI. All
my code relies on the algorithms specified in the MS-CHAP
RFCs referenced earlier.

This is one of a number of tasks I'm juggling so it may
take a few days to get you some additional information.

One answer that may help is what does error 997 mean in
terms of MSChapSrvChangePassword2()?

Thanks,

Mike Bean
Lucent Technologies

>-----Original Message-----
>I am not sure if you try LmPresent with false while the last two parameters
>with non-null value (for example, the same values as
>NewPasswordEncryptedWithOldNt and OldNtOwfPasswordEncryptedWithNewNt).
>
>Is it related to the RADIUS server you implemented?
>
>Would you please provide some code to repro the issue?
>
>Regards,
>Justin Wan
>Microsoft Partner Online Support
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>--------------------
>| Content-Class: urn:content-classes:message
>| From: "Mike Bean" <bean@lucent.com>
>| Sender: "Mike Bean" <bean@lucent.com>
>| References: <01c001c36e67$2d131ce0$a501280a@phx.gbl>
>|   <YIxy6HTcDHA.2116@cpmsftngxa06.phx.gbl>
>|   <01a101c37176$9b9fda10$a301280a@phx.gbl>
>|   <ECFtwDfcDHA.2396@cpmsftngxa06.phx.gbl>
>|   <44CNLbocDHA.2396@cpmsftngxa06.phx.gbl>
>| Subject: RE: MSChapSrvChangePassword2()
>| Date: Wed, 3 Sep 2003 19:49:05 -0700
>| Lines: 197
>| Message-ID: <0f7101c3728f$1b2d0190$a001280a@phx.gbl>
>| MIME-Version: 1.0
>| Content-Type: text/plain;
>| charset="iso-8859-1"
>| Content-Transfer-Encoding: 7bit
>| X-Newsreader: Microsoft CDO for Windows 2000
>| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>| Thread-Index: AcNyjxstZbGfwd50QXWInubeJu3O7Q==
>| Newsgroups: microsoft.public.platformsdk.security
>| Path: cpmsftngxa06.phx.gbl
>| Xref: cpmsftngxa06.phx.gbl microsoft.public.platformsdk.security:2145
>| NNTP-Posting-Host: TK2MSFTNGXA08 10.40.1.160
>| X-Tomcat-NG: microsoft.public.platformsdk.security
>|
>| Thanks for the info. Since I tried passing zero filled
>| arrays for the last two parameters (with LmPresent set to
>| FALSE) and received an error 997, there must be something
>| else wrong. I'll triple check my code but I am almost
>| certain I'm sending in properly formatted/encrypted NT
>| values to the MSChapSrvChangePassword2 function. Do you
>| know what error 997 means when returned from
>| MSChapSrvChangePassword2?
>|
>| The reason I need to call MSChapSrvChangePassword2 is to
>| support NT password changing via RADIUS attributes. See
>| the following RFCs:
>|
>| http://www.faqs.org/rfcs/rfc2548.html
>| http://www.faqs.org/rfcs/rfc2759.html
>| http://www.faqs.org/rfcs/rfc2433.html
>|
>| Mike
>|
>| >-----Original Message-----
>| >Hello Mike,
>| >
>| >None of the parameters can be NULL.
>| >
>| >However, it is possible to pass in a value of "LmPresent == FALSE",
>| >non-NULL values for NewPasswordEncryptedWithOldLm,
>| >OldLmOwfPasswordEncryptedWithNewLmOrNt and have the password change
>| >operation succeed. For example, you could pass in the same values as
>| >NewPasswordEncryptedWithOldNt and OldNtOwfPasswordEncryptedWithNewNt. The
>| >last two parameters in the function are ignored when non-NULL if LmPresent
>| >is FALSE.
>| >
>| >Arguably, MSChapSrvChangePassword2 should allow the final two parameters to
>| >be NULL if LmPresent is FALSE.
>| >
>| >I hope it helps.
>| >
>| >By the way, why are you using MSChapSrvChangePassword2?
>| >
>| >Regards,
>| >Justin Wan
>| >Microsoft Partner Online Support
>| >
>| >This posting is provided "AS IS" with no warranties, and confers no rights.
>| >--------------------
>| >| X-Tomcat-ID: 176804737
>| >| References: <01c001c36e67$2d131ce0$a501280a@phx.gbl>
>| >|   <YIxy6HTcDHA.2116@cpmsftngxa06.phx.gbl>
>| >|   <01a101c37176$9b9fda10$a301280a@phx.gbl>
>| >| MIME-Version: 1.0
>| >| Content-Type: text/plain
>| >| Content-Transfer-Encoding: 7bit
>| >| From: justinew@online.microsoft.com ("Jun Wan")
>| >| Organization: Microsoft
>| >| Date: Wed, 03 Sep 2003 07:56:44 GMT
>| >| Subject: RE: MSChapSrvChangePassword2()
>| >| X-Tomcat-NG: microsoft.public.platformsdk.security
>| >| Message-ID: <ECFtwDfcDHA.2396@cpmsftngxa06.phx.gbl>
>| >| Newsgroups: microsoft.public.platformsdk.security
>| >| Lines: 85
>| >| Path: cpmsftngxa06.phx.gbl
>| >| Xref: cpmsftngxa06.phx.gbl microsoft.public.platformsdk.security:2123
>| >| NNTP-Posting-Host: TOMCATIMPORT2 10.201.218.182
>| >|
>| >| Would you please have a look at the article?
>| >|
>| >| http://support.microsoft.com/default.aspx?scid=kb;en-us;299656
>| >|
>| >| I know the article would not answer your questions well, but at least it
>| >| will give you some background. I will perform research on the API and then
>| >| update you later.
>| >|
>| >| Regards,
>| >| Justin Wan
>| >| Microsoft Partner Online Support
>| >|
>| >| This posting is provided "AS IS" with no warranties, and confers no rights.
>| >| --------------------
>| >| | Content-Class: urn:content-classes:message
>| >| | From: "Mike Bean" <bean@lucent.com>
>| >| | Sender: "Mike Bean" <bean@lucent.com>
>| >| | References: <01c001c36e67$2d131ce0$a501280a@phx.gbl>
>| >| |   <YIxy6HTcDHA.2116@cpmsftngxa06.phx.gbl>
>| >| | Subject: RE: MSChapSrvChangePassword2()
>| >| | Date: Tue, 2 Sep 2003 10:21:12 -0700
>| >| | Lines: 64
>| >| | Message-ID: <01a101c37176$9b9fda10$a301280a@phx.gbl>
>| >| | MIME-Version: 1.0
>| >| | Content-Type: text/plain;
>| >| | charset="iso-8859-1"
>| >| | Content-Transfer-Encoding: 7bit
>| >| | X-Newsreader: Microsoft CDO for Windows 2000
>| >| | Thread-Index: AcNxdpuf80B9fa3ES1aLfE2KGwBV1A==
>| >| | X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>| >| | Newsgroups: microsoft.public.platformsdk.security
>| >| | Path: cpmsftngxa06.phx.gbl
>| >| | Xref: cpmsftngxa06.phx.gbl microsoft.public.platformsdk.security:2112
>| >| | NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
>| >| | X-Tomcat-NG: microsoft.public.platformsdk.security
>| >| |
>| >| | Some additional information, if I send two zero filled
>| >| | arrays for the LM parameters I get an error 997 and if I
>| >| | call the function a second time I get an access violation.
>| >| |
>| >| | Thanks,
>| >| |
>| >| | Mike
>| >| |
>| >| | >-----Original Message-----
>| >| | >Hello Mike,
>| >| | >
>| >| | >I have read your question and am collecting some information for you and
>| >| | >will update you soon.
>| >| | >
>| >| | >Regards,
>| >| | >Justin Wan
>| >| | >Microsoft Partner Online Support
>| >| | >
>| >| | >This posting is provided "AS IS" with no warranties, and confers no rights.
>| >| | >--------------------
>| >| | >| Content-Class: urn:content-classes:message
>| >| | >| From: "Mike Bean" <bean@lucent.com>
>| >| | >| Sender: "Mike Bean" <bean@lucent.com>
>| >| | >| Subject: MSChapSrvChangePassword2()
>| >| | >| Date: Fri, 29 Aug 2003 12:53:11 -0700
>| >| | >| Lines: 13
>| >| | >| Message-ID: <01c001c36e67$2d131ce0$a501280a@phx.gbl>
>| >| | >| MIME-Version: 1.0
>| >| | >| Content-Type: text/plain;
>| >| | >| charset="iso-8859-1"
>| >| | >| Content-Transfer-Encoding: 7bit
>| >| | >| X-Newsreader: Microsoft CDO for Windows 2000
>| >| | >| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>| >| | >| Thread-Index: AcNuZy0TRbPn57GzQlSkjw+y5m7DfQ==
>| >| | >| Newsgroups: microsoft.public.platformsdk.security
>| >| | >| Path: cpmsftngxa06.phx.gbl
>| >| | >| Xref: cpmsftngxa06.phx.gbl microsoft.public.platformsdk.security:2046
>| >| | >| NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
>| >| | >| X-Tomcat-NG: microsoft.public.platformsdk.security
>| >| | >|
>| >| | >| I am having trouble calling MSChapSrvChangePassword2(). I
>| >| | >| have implemented a RADIUS server that supports
>| >| | >| MS-CHAP2-CPW (Password changing). I have a MS-CHAP-NT-Enc-Pw
>| >| | >| attribute but not a MS-CHAP-LM-Enc-Pw attribute. When I
>| >| | >| call MSChapSrvChangePassword2() and send NULL for last
>| >| | >| two LM parameters, I get status 87 (INVALID_PARAMETER)
>| >| | >| returned. If NULL values are not acceptable for these
>| >| | >| parameters then what should I send?
>| >| | >|
>| >| | >| Much thanks,
>| >| | >|
>| >| | >| Mike Bean
>| >| | >| Lucent Technologies
>| >| | >|
>| >| | >
>| >| | >.
>| >| | >
>| >| |
>| >|
>| >|
>| >
>| >.
>| >
>|
>
>.
>


