RE: MSChapSrvChangePassword2()

From: Mike Bean (bean_at_lucent.com)
Date: 09/15/03


Date: Mon, 15 Sep 2003 10:53:42 -0700


Thanks Justin,

I've had to put this issue on the back burner, but when I
get back to it, I will open a support ticket. I
suspect very few developers are trying to use these
MS-CHAP calls given the headers in the SDK were incomplete.

Mike Bean
Lucent Technologies

>-----Original Message-----
>Hello Mike,
>
>I am not sure the client source code will help because the cause likely
>comes from the server end instead of the client.
>
>Based on our discussion above, the parameter format should be right if we
>pass false and two null values to the API.
>
>The meaning of error 997 is that overlapped I/O operation is in progress.
>From the information, we may assume that the client sends authentication
>request to server via network but the server returns the error to the
>client to indicate that there is I/O operation error.
>
>So to find out the root cause, you need to have the client code and radius
>service code you implemented and then debug this code.
>
>As you would understand, it is not convenient to review and debug project
>code in newsgroup. I consulted the newsgroup owner in our team. He provided
>such a suggestion:
>
>Due to the complexity of this issue, we are unable to assist with this
>request in the newsgroups.
>For further assistance on this issue, please contact Microsoft Product
>Support Services by telephone so that a dedicated Support Professional can
>assist you further with your request. Please be advised that contacting
>telephone support *will* be a charged call. However, if you are simply
>requesting a hotfix, then charges are usually refunded or waived.
>To obtain the telephone numbers for specific technology, please review this
>web site:
>http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
>If you are outside the US, you can find regional telephone support numbers
>at http://support.microsoft.com.
>
>If you have questions or concerns about this, please let us know. Thank you!
>
>Regards,
>Justin Wan
>Microsoft Partner Online Support
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>--------------------
>| From: "Mike Bean" <bean@lucent.com>
>| Subject: RE: MSChapSrvChangePassword2()
>| Date: Tue, 9 Sep 2003 12:14:20 -0700
>|
>| I tried sending NT parameters in for the LM and setting
>| LmPresent to false but I still get the error 997.
>|
>| I would love to send you some code but I will need to
>| convert some Java code to C. Current test scenario has
>| Java creating parameters and passing to C via JNI. All
>| my code relies on the algorithms specified in the MS-CHAP
>| RFCs referenced earlier.
>|
>| This is one of a number of tasks I'm juggling so it may
>| take a few days to get you some additional information.
>|
>| One answer that may help is what does error 997 mean in
>| terms of MSChapSrvChangePassword2()?
>|
>| Thanks,
>|
>| Mike Bean
>| Lucent Technologies
>|
>| >-----Original Message-----
>| >I am not sure if you tried LmPresent with false while the last two
>| >parameters with non-null value (for example, the same values as
>| >NewPasswordEncryptedWithOldNt and OldNtOwfPasswordEncryptedWithNewNt).
>| >
>| >Is it related to the RADIUS server you implemented?
>| >
>| >Would you please provide some code to repro the issue?
>| >
>| >Regards,
>| >Justin Wan
>| >Microsoft Partner Online Support
>| >
>| >This posting is provided "AS IS" with no warranties, and confers no rights.
>| >--------------------
>| >| From: "Mike Bean" <bean@lucent.com>
>| >| Subject: RE: MSChapSrvChangePassword2()
>| >| Date: Wed, 3 Sep 2003 19:49:05 -0700
>| >|
>| >| Thanks for the info. Since I tried passing zero filled
>| >| arrays for the last two parameters (with LmPresent set to
>| >| FALSE) and received an error 997, there must be something
>| >| else wrong. I'll triple check my code but I'm almost
>| >| certain I'm sending in properly formatted/encrypted NT
>| >| values to the MSChapSrvChangePassword2 function. Do you
>| >| know what error 997 means when returned from
>| >| MSChapSrvChangePassword2?
>| >|
>| >| The reason I need to call MSChapSrvChangePassword2 is to
>| >| support NT password changing via RADIUS attributes. See
>| >| the following RFCs:
>| >|
>| >| http://www.faqs.org/rfcs/rfc2548.html
>| >| http://www.faqs.org/rfcs/rfc2759.html
>| >| http://www.faqs.org/rfcs/rfc2433.html
>| >|
>| >| Mike
>| >|
>| >| >-----Original Message-----
>| >| >Hello Mike,
>| >| >
>| >| >None of the parameters can be NULL.
>| >| >
>| >| >However, it is possible to pass in a value of "LmPresent == FALSE",
>| >| >non-NULL values for NewPasswordEncryptedWithOldLm,
>| >| >OldLmOwfPasswordEncryptedWithNewLmOrNt and have the password change
>| >| >operation succeed. For example, you could pass in the same values as
>| >| >NewPasswordEncryptedWithOldNt and OldNtOwfPasswordEncryptedWithNewNt. The
>| >| >last two parameters in the function are ignored when non-NULL if LmPresent
>| >| >is FALSE.
>| >| >
>| >| >Arguably, MSChapSrvChangePassword2 should allow the final two parameters to
>| >| >be NULL if LmPresent is FALSE.
>| >| >
>| >| >I hope it helps.
>| >| >
>| >| >By the way, why are you using MSChapSrvChangePassword2 ?
>| >| >
>| >| >Regards,
>| >| >Justin Wan
>| >| >Microsoft Partner Online Support
>| >| >
>| >| >This posting is provided "AS IS" with no warranties, and confers no rights.
>| >| >--------------------
>| >| >| From: justinew@online.microsoft.com ("Jun Wan")
>| >| >| Date: Wed, 03 Sep 2003 07:56:44 GMT
>| >| >| Subject: RE: MSChapSrvChangePassword2()
>| >| >|
>| >| >| Would you please have a look at the article?
>| >| >|
>| >| >| http://support.microsoft.com/default.aspx?scid=kb;en-us;299656
>| >| >|
>| >| >| I know the article would not answer your questions well, but at least it
>| >| >| will give you some background. I will perform research on the API and then
>| >| >| update you later.
>| >| >|
>| >| >| Regards,
>| >| >| Justin Wan
>| >| >| Microsoft Partner Online Support
>| >| >|
>| >| >| This posting is provided "AS IS" with no warranties, and confers no rights.
>| >| >| --------------------
>| >| >| | From: "Mike Bean" <bean@lucent.com>
>| >| >| | Subject: RE: MSChapSrvChangePassword2()
>| >| >| | Date: Tue, 2 Sep 2003 10:21:12 -0700
>| >| >| |
>| >| >| | Some additional information, if I send two zero filled
>| >| >| | arrays for the LM parameters I get an error 997 and if I
>| >| >| | call the function a second time I get an access violation.
>| >| >| |
>| >| >| | Thanks,
>| >| >| |
>| >| >| | Mike
>| >| >| |
>| >| >| | >-----Original Message-----
>| >| >| | >Hello Mike,
>| >| >| | >
>| >| >| | >I have read your question and am collecting some information for you and
>| >| >| | >will update you soon.
>| >| >| | >
>| >| >| | >Regards,
>| >| >| | >Justin Wan
>| >| >| | >Microsoft Partner Online Support
>| >| >| | >
>| >| >| | >This posting is provided "AS IS" with no warranties, and confers no rights.
>| >| >| | >--------------------
>| >| >| | >| From: "Mike Bean" <bean@lucent.com>
>| >| >| | >| Subject: MSChapSrvChangePassword2()
>| >| >| | >| Date: Fri, 29 Aug 2003 12:53:11 -0700
>| >| >| | >|
>| >| >| | >| I'm having trouble calling MSChapSrvChangePassword2(). I
>| >| >| | >| have implemented a RADIUS server that supports MS-CHAP2-CPW
>| >| >| | >| (Password changing). I have a MS-CHAP-NT-Enc-Pw
>| >| >| | >| attribute but not a MS-CHAP-LM-Enc-Pw attribute. When I
>| >| >| | >| call MSChapSrvChangePassword2() and send NULL for last
>| >| >| | >| two LM parameters, I get status 87 (INVALID_PARAMETER)
>| >| >| | >| returned. If NULL values are not acceptable for these
>| >| >| | >| parameters then what should I send?
>| >| >| | >|
>| >| >| | >| Much thanks,
>| >| >| | >|
>| >| >| | >| Mike Bean
>| >| >| | >| Lucent Technologies