freeradiusclient and CHAP support

Christopher Gamio cgamio at
Wed Apr 29 17:30:13 CEST 2009

I think I may of narrowed down part of the problem. By inspecting the
packets I've noticed that for some reason the NAS IP Address
information is overwriting the CHAP password field. Any idea on where
/ why this could be happening for the CHAP password field and not the

On Mon, Apr 27, 2009 at 6:02 AM, Alan DeKok <aland at> wrote:
> Christopher Gamio wrote:
>> I'm currently using both the freeradius server and client and I was
>> having some issues with CHAP support. I noticed in the code that the
>> CHAP section of the client side was commented out. I'm tried
>> uncommenting it, noticed the password length issues and checked
>> google. I already know that CHAP isn't the best protocol to use, and I
>> agree. Unfortunately, I still need to use it anyway. I have been
>> looking through the source trying to figure out what the problem is
>> the code is.
>  You could try fixing the code to implement the CHAP protocol
> correctly.  The specifications are publicly available, as are multiple
> implementations.
>> Like I said, I noticed the password length error and
>> tried simply compensating for that, but the passwords still do not
>> match. What puzzles me is that CHAP works just fine in the radclient
>> packaged with the server,
>  Because that code works, and implements the protocol correctly.
>> so I feel that it should not be impossible
>> to implement in the client library. If someone could point me in the
>> right direction, or possibly explain the root cause of the problem in
>> more detail, that would be much appreciated.
>  Look at freeradius-server, src/lib/radius.c for a correct
> implementation of the CHAP protocol.  Make the freeradius-client code
> use the same algorithm.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Devel mailing list