On 22-07-15 08:27, Arul Sundaramoorthy wrote:
Hi,
Can anyone please let me know How to configure freeRADIUS server so it replies with a CHAP "access-challenge" message on "access-request" from a client?
The name CHAP is a bit misleading (at least in RADIUS context), because there is no Challenge or Handshake in the RADIUS conversation. The attribute CHAP-Password is just a hash calculated from the plaintext password and the identifier and authenticator of the packet. This is included in the Access-Request, and since there's no more need for more information the server response will be an Access-Accept or Access-Reject. That's just how CHAP works. Having said this, you might want to reconsider if you really want to use CHAP in your application. The protocol requires all passwords to be plaintext on the server and there is virtually no replay protection. Some more information: chapter 5.2.1 of http://networkradius.com/doc/FreeRADIUS-Implementation-Ch5.pdf -- Herwin Weststrate