Frreradius PAP and CHAP

Jian Wang jwang at a10networks.com.cn
Wed Jun 20 03:12:27 CEST 2007 

On 6/20/07, hao chen <chenhao602 at gmail.com> wrote:
>
> Hi,Ivan
>
>        I want to know how to test CHAP with radclient(I have no NAS).
> Could you give me a example of the radclient configure file?
>         Thank you.
> -chenhao
>

$ cat request.txt
User-Name = foo
CHAP-Password = bar
$ radclient -sx -f request.txt <radius server> auth <shared secret>
Sending Access-Request of id 116 to 192.168.3.38:1812
        User-Name = "foo"
        CHAP-Password = 0x74f42a8e4b2b3f0505ad6ed22ba980a20e
rad_recv: Access-Accept packet from host 192.168.3.38:1812, id=116,
length=20

           Total approved auths:  1
             Total denied auths:  0
               Total lost auths:  0
$

2007/6/20, tnt at kalik.co.yu <tnt at kalik.co.yu>:
> >
> > No, not with radtest. You can use radclient, which has much more
> > ability,
> > but is also more complicated.
> >
> > Use, for instance, XP dialup connection. In connection properties click
> > on Security tab, Advanced radio button and then Settings button. By
> > default all protocols are ticked. Leave only CHAP ticked and exit with
> > OK. Once you are done with testing remember to go back and add protocols
> > back.
> >
> > WARNING: This will work only if the NAS you are connecting through also
> > supports CHAP authentication. If it doesn't, XP client with only CHAP
> > enabled won't be able to connect.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
> >
> >
> > Dana 19/6/2007, "lisa laam" <laam.lisa at gmail.com> piše:
> >
> > >thanks,
> > >
> > >Is there  a way to test CHAP?
> > >
> > >could we test that with "radtest"?
> > >
> > >
> > >
> > >
> > >2007/6/19, tnt at kalik.co.yu < tnt at kalik.co.yu>:
> > >>
> > >> Have a look at dictionary.freeradius.internal. You will find several
> > >> xxx-Password attributes where xxx are supported encryption types.
> > >>
> > >> To test CHAP you don't need to "tell" Freeradius anything. Chap
> > module
> > >> is enabled by default, so it will work if you havent diabled it. What
> > >> you need to do is to get the client to use CHAP - radius server will
> > >> "follow".
> > >>
> > >> Ivan Kalik
> > >> Kalik Informatika ISP
> > >>
> > >>
> > >> Dana 19/6/2007, "lisa laam" <laam.lisa at gmail.com> pi e:
> > >>
> > >> >Hi,
> > >> >
> > >> >I configured Freeradius to use PAP method with users file.
> > >> >The password is stored in clear text is stored in clear text in the
> > user
> > >> >file and it works well.
> > >> >
> > >> >Now I want to use other mode of user storing with PAP method.
> > (exemple
> > >> MD5
> > >> >with the user file locatedt in /freeradius-1.1.6
> > >> /src/tests/digest-auth-MD5)
> > >> >
> > >> >1- How to tell frreeradius that the user password  is stored in
> > clear
> > >> text,
> > >> >or digest, or MD5 hashed, etc ??
> > >> >I tried to copy the content of "digest-auth-MD5" in the "users" file
> > and
> > >> I
> > >> >got this errror :
> > >> >
> > >> >Errors reading /opt/freeradius/etc/raddb/users
> > >> >radiusd.conf[1067]: files: Module instantiation failed.
> > >> >radiusd.conf [1852] Unknown module "files".
> > >> >radiusd.conf[1788] Failed to parse authorize section.
> > >> >
> > >> >
> > >> >I want to test also CHAP method, how to tell radius to use this
> > method in
> > >> >stead of PAP?
> > >> >
> > >> >
> > >> >thanks
> > >> >
> > >> >
> > >>
> > >> -
> > >> List info/subscribe/unsubscribe? See
> > >> http://www.freeradius.org/list/users.html
> > >>
> > >
> > >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070620/80a8a3de/attachment.html>

More information about the Freeradius-Users mailing list