Frreradius PAP and CHAP

hao chen chenhao602 at gmail.com
Wed Jun 20 04:07:47 CEST 2007 

Hi,

 I tryed as you said. But it seems I still miss something.
$cat /usr/local/etc/raddb/users
.....
John    Auth-Type := CHAP, CHAP-Password == "hello"
.......


$ cat request.txt
User-Name = John
CHAP-Password = hello

$radiusd -X

......

call_modsingle: chap
rlm_chap: login attempt by "John" with CHAP password ?谟??1?kW将芇?
rlm_chap: Could not find clear text password for user John
  modcall[authenticate]: module "chap" returns invalid

......

Any suggestion?Thank you.

--chenhao



















2007/6/20, Jian Wang <jwang at a10networks.com.cn>:
>
> On 6/20/07, hao chen <chenhao602 at gmail.com> wrote:
> >
> > Hi,Ivan
> >
> >        I want to know how to test CHAP with radclient(I have no NAS).
> > Could you give me a example of the radclient configure file?
> >         Thank you.
> > -chenhao
> >
>
> $ cat request.txt
> User-Name = foo
> CHAP-Password = bar
> $ radclient -sx -f request.txt <radius server> auth <shared secret>
> Sending Access-Request of id 116 to 192.168.3.38:1812
>         User-Name = "foo"
>         CHAP-Password = 0x74f42a8e4b2b3f0505ad6ed22ba980a20e
> rad_recv: Access-Accept packet from host 192.168.3.38:1812, id=116,
> length=20
>
>            Total approved auths:  1
>              Total denied auths:  0
>                Total lost auths:  0
> $
>
>
>  2007/6/20, tnt at kalik.co.yu < tnt at kalik.co.yu>:
> > >
> > > No, not with radtest. You can use radclient, which has much more
> > > ability,
> > > but is also more complicated.
> > >
> > > Use, for instance, XP dialup connection. In connection properties
> > > click
> > > on Security tab, Advanced radio button and then Settings button. By
> > > default all protocols are ticked. Leave only CHAP ticked and exit with
> > >
> > > OK. Once you are done with testing remember to go back and add
> > > protocols
> > > back.
> > >
> > > WARNING: This will work only if the NAS you are connecting through
> > > also
> > > supports CHAP authentication. If it doesn't, XP client with only CHAP
> > > enabled won't be able to connect.
> > >
> > > Ivan Kalik
> > > Kalik Informatika ISP
> > >
> > >
> > > Dana 19/6/2007, "lisa laam" < laam.lisa at gmail.com> piše:
> > >
> > > >thanks,
> > > >
> > > >Is there  a way to test CHAP?
> > > >
> > > >could we test that with "radtest"?
> > > >
> > > >
> > > >
> > > >
> > > >2007/6/19, tnt at kalik.co.yu < tnt at kalik.co.yu>:
> > > >>
> > > >> Have a look at dictionary.freeradius.internal. You will find
> > > several
> > > >> xxx-Password attributes where xxx are supported encryption types.
> > > >>
> > > >> To test CHAP you don't need to "tell" Freeradius anything. Chap
> > > module
> > > >> is enabled by default, so it will work if you havent diabled it.
> > > What
> > > >> you need to do is to get the client to use CHAP - radius server
> > > will
> > > >> "follow".
> > > >>
> > > >> Ivan Kalik
> > > >> Kalik Informatika ISP
> > > >>
> > > >>
> > > >> Dana 19/6/2007, "lisa laam" < laam.lisa at gmail.com> pi e:
> > > >>
> > > >> >Hi,
> > > >> >
> > > >> >I configured Freeradius to use PAP method with users file.
> > > >> >The password is stored in clear text is stored in clear text in
> > > the user
> > > >> >file and it works well.
> > > >> >
> > > >> >Now I want to use other mode of user storing with PAP method.
> > > (exemple
> > > >> MD5
> > > >> >with the user file locatedt in /freeradius-1.1.6
> > > >> /src/tests/digest-auth-MD5)
> > > >> >
> > > >> >1- How to tell frreeradius that the user password  is stored in
> > > clear
> > > >> text,
> > > >> >or digest, or MD5 hashed, etc ??
> > > >> >I tried to copy the content of "digest-auth-MD5" in the "users"
> > > file and
> > > >> I
> > > >> >got this errror :
> > > >> >
> > > >> >Errors reading /opt/freeradius/etc/raddb/users
> > > >> >radiusd.conf[1067]: files: Module instantiation failed.
> > > >> >radiusd.conf [1852] Unknown module "files".
> > > >> >radiusd.conf[1788] Failed to parse authorize section.
> > > >> >
> > > >> >
> > > >> >I want to test also CHAP method, how to tell radius to use this
> > > method in
> > > >> >stead of PAP?
> > > >> >
> > > >> >
> > > >> >thanks
> > > >> >
> > > >> >
> > > >>
> > > >> -
> > > >> List info/subscribe/unsubscribe? See
> > > >> http://www.freeradius.org/list/users.html
> > > >>
> > > >
> > > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070620/b13c7182/attachment.html>

More information about the Freeradius-Users mailing list