freeradiusclient and CHAP support

Alan DeKok aland at
Mon Apr 27 12:02:07 CEST 2009

Christopher Gamio wrote:
> I'm currently using both the freeradius server and client and I was
> having some issues with CHAP support. I noticed in the code that the
> CHAP section of the client side was commented out. I'm tried
> uncommenting it, noticed the password length issues and checked
> google. I already know that CHAP isn't the best protocol to use, and I
> agree. Unfortunately, I still need to use it anyway. I have been
> looking through the source trying to figure out what the problem is
> the code is.

  You could try fixing the code to implement the CHAP protocol
correctly.  The specifications are publicly available, as are multiple

> Like I said, I noticed the password length error and
> tried simply compensating for that, but the passwords still do not
> match. What puzzles me is that CHAP works just fine in the radclient
> packaged with the server,

  Because that code works, and implements the protocol correctly.

> so I feel that it should not be impossible
> to implement in the client library. If someone could point me in the
> right direction, or possibly explain the root cause of the problem in
> more detail, that would be much appreciated.

  Look at freeradius-server, src/lib/radius.c for a correct
implementation of the CHAP protocol.  Make the freeradius-client code
use the same algorithm.

  Alan DeKok.

More information about the Freeradius-Devel mailing list