Issues authenticating vs 2003 AD

Alan DeKok aland at
Fri Aug 19 20:20:52 CEST 2005

Tim P <panterafreak at> wrote:
> I understand you have said that repeatedly what I am asking is where
> is that chap coming from?

  As I've also said repeatedly, the client sends the authentication
request to the server, and the server does not, and can not control
what authenticate type the client uses.

>   I am not sure if it is coming from pppd or l2tpd or my windows
> client as I have radius properly configured correct?

  It probably comes from pppd or l2tpd.  I recall that the
configuration you posted earlier disabled chap, so I don't know why
the client would still be using it.

> The client is windows xp sp2 with a vpn tunnel going to the box, ipsec
> works fine, l2tp recieves the auth request and hands it to pppd which
> then passes it to radius.  On the windows side I have set it to only
> use mschap-v2 (also tried it with only ms chap) so it would seem the
> windows client is configured properly.

  If the RADIUS server is receiving a CHAP-Password in the request,
then something else in the system is using CHAP.  You *think* you've
configured it to use MSCHAP, but that is obviously not happening.

> So does my radius config look correct and another peice of the chain
> is broken and for some reason passing auth as chap?


> I'm sorry I'm not that knowledgable when it comes to radius, this is
> my first time using it, please be patient, I am just trying to figure
> out how it works (and yes I have read the conf file but still am not
> 100% sure of it).

  The problem isn't understanding how it works.  The problem is
believing things that are explained on the list.

  Alan DeKok.

More information about the Freeradius-Users mailing list