ms-chap authentication with client tool?

Phil Mayers p.mayers at imperial.ac.uk
Tue Jan 31 14:03:05 CET 2006


DilipSimha.N.M wrote:
> hi,
> 
> is there any simple tool (other than jradius) which can be used as radius 
> client and which can be used to test
> mschap authentication??
> if so, please give the packet contents for radius client and the users 
> file check-items.

  1. run FreeRadius in debugging mode

  2. perform a successful MS-CHAP authentication with a "real" client

  3. copy the following info from the FreeRadius debugging output:
User-Name = "user"
MS-CHAP-Challenge = 0xBYTES
MS-CHAP2-Response = 0xBYTES

  4. with that info, create a file containing a radius request:
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "user"
MS-CHAP-Challenge = 0xBYTES
MS-CHAP2-Response = 0xBYTES
Calling-Station-Id = "something"
NAS-IP-Address = 192.168.1.2
NAS-Port = 1

  5. run the command "radclient -s -f $FILE $HOST auth $SECRET"

The radius server will authenticate that request every time. Since the 
challenge from a real NAS is essentially random there is only a low (but 
not zero) risk in having the info in a file.

You may need to edit your users file to disable things such as IP 
address pool assignment or such, but it will basically work fine. Such 
editing is dependent on your local configuration.
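
Added example, not part of the original post: a shell sketch of steps 3 and 4 that pulls the three attributes out of saved debug output, checks the MS-CHAPv2 lengths so a truncated copy is caught, and writes the request file readable by its owner only. The function names, the layout of the debug lines and the sample hex values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build the step-4 request file from saved debug output.
# The debug-line layout in sample_debug is an assumption.

# rep CHAR N: print CHAR N times (only used to fabricate sample hex).
rep() { printf "%${2}s" '' | tr ' ' "$1"; }

# Constructed sample; the hex is filler, not a captured exchange.
sample_debug() {
    cat <<EOF
rad_recv: Access-Request packet from host 192.168.1.2:1025, id=7, length=150
	User-Name = "user"
	MS-CHAP-Challenge = 0x$(rep c 32)
	MS-CHAP2-Response = 0x0100$(rep a 32)$(rep 0 16)$(rep b 48)
EOF
}

# Debug output on stdin, radclient request on stdout; last request wins.
build_request() {
    awk '
    function hexlen(s, bytes) {
        return (s ~ /^0x[0-9a-fA-F]+$/) && (length(s) == 2 + 2 * bytes)
    }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        n = split("User-Name MS-CHAP-Challenge MS-CHAP2-Response", want, " ")
        for (i = 1; i <= n; i++)
            if (index(line, want[i] " = ") == 1)
                val[want[i]] = substr(line, length(want[i]) + 4)
    }
    END {
        u = val["User-Name"]; c = val["MS-CHAP-Challenge"]; r = val["MS-CHAP2-Response"]
        # MS-CHAPv2 sizes: 16-byte challenge, 50-byte response (RFC 2548)
        if (u == "" || !hexlen(c, 16) || !hexlen(r, 50)) {
            print "missing or truncated MS-CHAP attributes" > "/dev/stderr"
            exit 1
        }
        print "Service-Type = Framed-User"
        print "Framed-Protocol = PPP"
        print "User-Name = " u
        print "MS-CHAP-Challenge = " c
        print "MS-CHAP2-Response = " r
        print "Calling-Station-Id = \"something\""
        print "NAS-IP-Address = 192.168.1.2"
        print "NAS-Port = 1"
    }'
}

# Owner-only file: the server will authenticate this request every time.
write_request_file() { ( umask 077; build_request > "$1" ); }
```

Call it as write_request_file "$FILE" with the saved debug output on stdin, then continue with step 5.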


