DilipSimha.N.M wrote:
hi,
is there any simple tool(other than jradius) which can be used as radius client and which can be used to test mschap authentication?? if so, please give the packet contents for radius client and the users file check-items.
1. run FreeRadius in debugging mode 2. perform a successful MS-CHAP authentication with a "real" client 3. copy the following info from the FreeRadius debugging output: User-Name = "user" MS-CHAP-Challenge = 0xBYTES MS-CHAP2-Response = 0xBYTES 4. with that info, create a file containing a radius request: Service-Type = Framed-User Framed-Protocol = PPP User-Name = "user" MS-CHAP-Challenge = 0xBYTES MS-CHAP2-Response = 0xBYTES Calling-Station-Id = "something" NAS-IP-Address = 192.168.1.2 NAS-Port = 1 5. run the command "radclient -s -f $FILE $HOST auth $SECRET" The radius server will authenticate that request every time. Since the challenge from a real NAS is essentially random there is only a low (but not zero) risk in having the info in a file. You may need to edit your users file to disable things such as IP address pool assignment or such, but it will basically work fine. Such editing is dependent on your local configuration.