Does freeradius-client library support CHAP protocol?

Alan DeKok aland at
Tue Apr 21 06:58:15 CEST 2009

Tarkshya wrote:
> I tried to enable CHAP protocol support in the freeradius-client
> library by uncommenting the CHAP code in sendserver.c file. (It is the
> code which was blocked using #if 0 macro) However, when I send a chap
> password, the server rejects the request saying that
> Found Auth-Type = CHAP
> +- entering group CHAP {...}
> [chap] rlm_chap: password supplied has wrong length
> What could be wrong here?

  What part of that message is unclear?

> Also, apparently the radclient testing tools which comes with
> freeradius SERVER can successfully authenticate using CHAP passwords.
> Its only the client tool (radiusclient) that gives problem. I noticed
> that the logic of encoding CHAP passwords is different in freeradius
> client and free radius server code.

  Well... that would seem to be the problem.

> Can somebody give me the exact algorithm for encoding and sending CHAP
> passwords in radius packets.

  You could read the FreeRADIUS server source code to see what works.
The code *is* publicly available.  Or, you could read the specification
(RFC 2865).  That's publicly available, too.

  Alan DeKok.

More information about the Freeradius-Devel mailing list