[Home server Radius in "always accept mode with mschap"]

Timothy White timwhite88 at gmail.com
Fri Mar 30 01:54:08 CEST 2012


On Fri, Mar 30, 2012 at 7:26 AM, Fajar A. Nugraha <list at fajar.net> wrote:
> On Fri, Mar 30, 2012 at 4:22 AM, Thomas Fagart <tfagart at brozs.net> wrote:
>> As I was not very familiar with MS-CHAP, I've google a little and it seems
>> to me that my goal (ie ms chapv2 welcome server without having user/passwd
>> of users) is not reachable as the home server MUST have users/passwd to
>> generate challenge.
>
> Exactly.
>
> To be accurate, the home server MUST have cleartext or nt-hash of the
> user's password.

Is it possible on the proxy server, to catch the challenge and
response when the normal server is running, store them, and then issue
the same challenge and same chap-success from the "welcome" server
when another request is made?

Just a thought, I only do normal CHAP and would have thought you could
just do an access-accept for any request unless the client needs a
special key from it.

Tim


More information about the Freeradius-Users mailing list