Alan, Thanks for your response. As you suggested, I used radclient command to test the CHAP. Now the server sends Access-Accept. But, what I observed is that the problem araises again even with radclient when I send User-Password attribute along with CHAP-Password attribute in the request. There is no problem when I don't send User-Password with CHAP-Password. Any thoughts on this why it is happening like this? I am attaching the Access packet info below for both success and failure cases. Success case: ============= Sending Access-Request of id 168 to 127.0.0.1 port 1812 User-Name = "steve" Acct-Session-Id = "001" NAS-Identifier = "NASIDTest" NAS-IP-Address = 192.168.1.120 Called-Station-Id = "called" Calling-Station-Id = "caller" NAS-Port = 1234 NAS-Port-Type = Ethernet CHAP-Password = 0xa88b83c43dd3fc20c67f3566f12ebb4958 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=168, length=71 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 172.16.3.33 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Filter-Id = "std.ppp" Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP server logs ----------- Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by "steve" with CHAP password [chap] Using clear text password "testing" for user steve authentication. [chap] chap user steve authenticated succesfully ++[chap] returns ok Failure case ============ Sending Access-Request of id 109 to 127.0.0.1 port 1812 User-Name = "steve" Acct-Session-Id = "001" NAS-Identifier = "NASIDTest" NAS-IP-Address = 192.168.1.120 Called-Station-Id = "called" Calling-Station-Id = "caller" NAS-Port = 1234 NAS-Port-Type = Ethernet CHAP-Password = 0x74657374696e67 User-Password = "testing" rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=109, length=20 server logs: ------------ Found Auth-Type = CHAP +- entering group CHAP {...} [chap] rlm_chap: password supplied has wrong length ++[chap] returns invalid Failed to authenticate the user. Regards, Karun. -----Original Message----- From: freeradius-users-bounces+karuna.kumar=indscape.com@lists.freeradius.org on behalf of Alan DeKok Sent: Wed 6/9/2010 3:26 PM To: FreeRadius users mailing list Cc: Subject: Re: How to use CHAP? Karuna G. Kumar wrote:
I want to use CHAP for authenticating the user. When I am sending CHAP-Password to FreeRADIUS, I am getting the following error.
Found Auth-Type = CHAP +- entering group CHAP {...} [chap] rlm_chap: password supplied has wrong length
Your RADIUS client does not implement RADIUS. ...
CHAP-Password = 0x74657374696e67
It is sending *ASCII* for the CHAP-Password. It needs to implement the CHAP protocol. Use a real RADIUS client, like radclient. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html