Gautam Tripathi wrote:
However, we are unable to use this client library for our needs. The reason is that the library does not seem to support challenge-response mode of authentication. From what I have understood by looking at the library source is that it can only give a yes/no answer to an authentication request. Specifically, the library provides a single method for radius authentication called rc_auth. However, this function seems to return only binary result (OK_RC or BADRESP_RC).
That is one of the limitations of the code.
There is no return code for an access-challenge message from the server. The client understand only access-accept or access-reject codes.
So I am coming to the conclusion that the freeradius-client-1.1.6 is not a fully conforming radius client library. The library in its current form and at the current version doesn not support challenge-response type of authentications. Please corrent me if I am wrong. May be I am missing something here. But we need a definite answer to be able to decide if this library is sufficient for our needs or not.
It shouldn't be too hard to modify the code. Alan DeKok.