freeradiusclient and CHAP support
Alan DeKok
aland at deployingradius.com
Mon Apr 27 12:02:07 CEST 2009
Christopher Gamio wrote:
> I'm currently using both the freeradius server and client and I was
> having some issues with CHAP support. I noticed in the code that the
> CHAP section of the client side was commented out. I'm tried
> uncommenting it, noticed the password length issues and checked
> google. I already know that CHAP isn't the best protocol to use, and I
> agree. Unfortunately, I still need to use it anyway. I have been
> looking through the source trying to figure out what the problem is
> the code is.
You could try fixing the code to implement the CHAP protocol
correctly. The specifications are publicly available, as are multiple
implementations.
> Like I said, I noticed the password length error and
> tried simply compensating for that, but the passwords still do not
> match. What puzzles me is that CHAP works just fine in the radclient
> packaged with the server,
Because that code works, and implements the protocol correctly.
> so I feel that it should not be impossible
> to implement in the client library. If someone could point me in the
> right direction, or possibly explain the root cause of the problem in
> more detail, that would be much appreciated.
Look at freeradius-server, src/lib/radius.c for a correct
implementation of the CHAP protocol. Make the freeradius-client code
use the same algorithm.
Alan DeKok.
More information about the Freeradius-Devel
mailing list