Fwd: how to test CHAP authentication with radtest/radclient
Michael Martinez
mwtzzz at gmail.com
Sun Feb 28 02:49:31 CET 2016
Nevermind. Radius needs the password database to provide a cleartext
password for CHAP to work. This became apparent when I tested it with
a user defined with a Cleartext-Password in the users file.
---------- Forwarded message ----------
From: Michael Martinez <mwtzzz at gmail.com>
Date: Sat, Feb 27, 2016 at 5:28 PM
Subject: how to test CHAP authentication with radtest/radclient
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
I'm running freeradius-3.0.11. I've got a test user configured in the
local unix system, and PAP authentication works. I'm trying to test it
with CHAP (for educational purposes). First I run radtest:
radtest -t chap test4 testing4 127.0.0.1 0 xxxxx
(7) Login incorrect (chap: &control:Cleartext-Password is required for
authentication): [test4/<CHAP-Password>] (from client localhost port
0)
Then I try radclient:
echo "User-Name=test4,Cleartext-Password=testing4,Chap-Password=testing4"
| radclient 127.0.0.1 auth hello
I tried this latter one with different combinations of
"User-Password", "CHAP-Password" and "Cleartext-Password" but they all
result in the same error seen below:
(11) Found Auth-Type = CHAP
(11) # Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
(11) Auth-Type CHAP {
(11) chap: ERROR: &control:Cleartext-Password is required for authentication
(11) [chap] = fail
(11) } # Auth-Type CHAP = fail
(11) Failed to authenticate the user
(11) Login incorrect (chap: &control:Cleartext-Password is required
for authentication): [test4/<CHAP-Password>] (from client localhost
port 0)
I can't tell whether I'm running the tests incorrectly or I've got the
server set up incorrectly (I suspect it's the former.)
--
---
Michael Martinez
http://www.michael--martinez.com
--
---
Michael Martinez
http://www.michael--martinez.com
More information about the Freeradius-Users
mailing list