Hi, Sayantan Bhowmick schrieb:
I am trying to authenticate users using CHAP authentication. (snipp) users are authenticated successfully( provided userid and password id correct) irrespective of what is entered for the "shared secret" in the client. Is this a defect?
IIRC, yes, that means the client is broken.
Should'nt the RADIUS server check whether the client is using the correct "shared secret"?
No, he can't, in general. In authentication, the shared secret is used to protect secret data (e.g. cleartext passwords when doing PAP or MPPE-Keys when doing MS-CHAP). Unless you're using one of the attributes encrypted by means of the shared secret, the server never knows whether or not the client is using the same shared secret. IIRC, the server, however, is kind of "signing" his reply with the secret key, so if that's not the same one that the client has, the client should reject the server's reply as coming from a non-trustworthy server and not give you access. HTH, Stefan