Frreradius PAP and CHAP

tnt at kalik.co.yu tnt at kalik.co.yu
Wed Jun 20 08:14:51 CEST 2007


"by the book" (if you have the latest server version):

John   Cleartext-Password := "hello"

No Auth-Type. Cleartext password attribute will work with ANY auth method.

Ivan Kalik
Kalik Informatika ISP


Dana 20/6/2007, "hao chen" <chenhao602 at gmail.com> piše:

>Hi,
>
> I tryed as you said. But it seems I still miss something.
>$cat /usr/local/etc/raddb/users
>.....
>John    Auth-Type := CHAP, CHAP-Password == "hello"
>.......
>
>
>$ cat request.txt
>User-Name = John
>CHAP-Password = hello
>
>$radiusd -X
>
>......
>
>call_modsingle: chap
>rlm_chap: login attempt by "John" with CHAP password ?č°Ÿ??1?kW将芇?
>rlm_chap: Could not find clear text password for user John
>  modcall[authenticate]: module "chap" returns invalid
>
>......
>
>Any suggestion?Thank you.
>
>--chenhao
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>2007/6/20, Jian Wang <jwang at a10networks.com.cn>:
>>
>> On 6/20/07, hao chen <chenhao602 at gmail.com> wrote:
>> >
>> > Hi,Ivan
>> >
>> >        I want to know how to test CHAP with radclient(I have no NAS).
>> > Could you give me a example of the radclient configure file?
>> >         Thank you.
>> > -chenhao
>> >
>>
>> $ cat request.txt
>> User-Name = foo
>> CHAP-Password = bar
>> $ radclient -sx -f request.txt <radius server> auth <shared secret>
>> Sending Access-Request of id 116 to 192.168.3.38:1812
>>         User-Name = "foo"
>>         CHAP-Password = 0x74f42a8e4b2b3f0505ad6ed22ba980a20e
>> rad_recv: Access-Accept packet from host 192.168.3.38:1812, id=116,
>> length=20
>>
>>            Total approved auths:  1
>>              Total denied auths:  0
>>                Total lost auths:  0
>> $
>>
>>
>>  2007/6/20, tnt at kalik.co.yu < tnt at kalik.co.yu>:
>> > >
>> > > No, not with radtest. You can use radclient, which has much more
>> > > ability,
>> > > but is also more complicated.
>> > >
>> > > Use, for instance, XP dialup connection. In connection properties
>> > > click
>> > > on Security tab, Advanced radio button and then Settings button. By
>> > > default all protocols are ticked. Leave only CHAP ticked and exit with
>> > >
>> > > OK. Once you are done with testing remember to go back and add
>> > > protocols
>> > > back.
>> > >
>> > > WARNING: This will work only if the NAS you are connecting through
>> > > also
>> > > supports CHAP authentication. If it doesn't, XP client with only CHAP
>> > > enabled won't be able to connect.
>> > >
>> > > Ivan Kalik
>> > > Kalik Informatika ISP
>> > >
>> > >
>> > > Dana 19/6/2007, "lisa laam" < laam.lisa at gmail.com> piĹĄe:
>> > >
>> > > >thanks,
>> > > >
>> > > >Is there  a way to test CHAP?
>> > > >
>> > > >could we test that with "radtest"?
>> > > >
>> > > >
>> > > >
>> > > >
>> > > >2007/6/19, tnt at kalik.co.yu < tnt at kalik.co.yu>:
>> > > >>
>> > > >> Have a look at dictionary.freeradius.internal. You will find
>> > > several
>> > > >> xxx-Password attributes where xxx are supported encryption types.
>> > > >>
>> > > >> To test CHAP you don't need to "tell" Freeradius anything. Chap
>> > > module
>> > > >> is enabled by default, so it will work if you havent diabled it.
>> > > What
>> > > >> you need to do is to get the client to use CHAP - radius server
>> > > will
>> > > >> "follow".
>> > > >>
>> > > >> Ivan Kalik
>> > > >> Kalik Informatika ISP
>> > > >>
>> > > >>
>> > > >> Dana 19/6/2007, "lisa laam" < laam.lisa at gmail.com> pi e:
>> > > >>
>> > > >> >Hi,
>> > > >> >
>> > > >> >I configured Freeradius to use PAP method with users file.
>> > > >> >The password is stored in clear text is stored in clear text in
>> > > the user
>> > > >> >file and it works well.
>> > > >> >
>> > > >> >Now I want to use other mode of user storing with PAP method.
>> > > (exemple
>> > > >> MD5
>> > > >> >with the user file locatedt in /freeradius-1.1.6
>> > > >> /src/tests/digest-auth-MD5)
>> > > >> >
>> > > >> >1- How to tell frreeradius that the user password  is stored in
>> > > clear
>> > > >> text,
>> > > >> >or digest, or MD5 hashed, etc ??
>> > > >> >I tried to copy the content of "digest-auth-MD5" in the "users"
>> > > file and
>> > > >> I
>> > > >> >got this errror :
>> > > >> >
>> > > >> >Errors reading /opt/freeradius/etc/raddb/users
>> > > >> >radiusd.conf[1067]: files: Module instantiation failed.
>> > > >> >radiusd.conf [1852] Unknown module "files".
>> > > >> >radiusd.conf[1788] Failed to parse authorize section.
>> > > >> >
>> > > >> >
>> > > >> >I want to test also CHAP method, how to tell radius to use this
>> > > method in
>> > > >> >stead of PAP?
>> > > >> >
>> > > >> >
>> > > >> >thanks
>> > > >> >
>> > > >> >
>> > > >>
>> > > >> -
>> > > >> List info/subscribe/unsubscribe? See
>> > > >> http://www.freeradius.org/list/users.html
>> > > >>
>> > > >
>> > > >
>> > >
>> > > -
>> > > List info/subscribe/unsubscribe? See
>> > > http://www.freeradius.org/list/users.html
>> > >
>> >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>




More information about the Freeradius-Users mailing list