On Dec 1, 2021, at 9:48 AM, Diego Forcella <diego.forcella@c2group.it> wrote:
I tried radtest both with -t chap and with -t mschap
With -t chap I view CHAP-Password that is encrypted but with -t mschap I have MS-CHAP-Password that is clear-text and is the same of Cleartext-password , it's not possible mapping MS-CHAP-Password to Cleartext-Password?
Read the debug output on the *server*. The MS-CHAP-Password attribute is used internally by radclient. It's not sent in a RADIUS packet. If there was a way to do it, I would have told you. There's no need to ask the same question over and over. The answer won't change.
Excuse if maybe this is a stupid question for you but I'm a newbie, where you suggest that I can start to study this feature/configuration?
There's a ton of standards documents which explain how CHAP and MS-CHAP work. But there's no point in reading them. They'll give you technical information about how the protocols work. They won't help make CHAP / MS-CHAP work with Google LDAP. CHAP and MS-CHAP don't work with Google LDAP. That's it. It's that simple. There's nothing more to do. The reasons are complex, and buried inside of 40 page standards documents. Alan DeKok.