Question about authenticating CHAP clients using an externalprogram- A different case

Ali Majdzadeh ali.majdzadeh at
Tue Feb 24 13:58:51 CET 2009

Problem solved. I have mentioned my solution below, but now comes another
question, sorry :)
How is it possible to authenticate CHAP clients using an external program
and not the rlm_chap module?
I made two instances of the rlm_exec module. One as the authorization
external program and one as the authentication external program. The point
is that the Cleartext-Password should be sent out as a configuration item in
the authorization external program, in other words, what the authorization
program outputs should be configuration items (in this case). Well, in my
previous configuration, the authorization program has been output
attribute-value pairs as reply messages and that was wrong. Using
radiusd.conf, I changed the output type of the authorization external
program to config items. Now I can access User-Name, CHAP-Password,
CHAP-Challenge attribute-value pairs in my authentication external program.
By the way, the authorization external program sets my customized Auth-Type
so that in the authentication section, I can use it to authenticate clients
using my authentication external program which is another instance of the
rlm_exec module (the second one). The main problem is the way that
authentication should take place for CHAP, MS-CHAP and MS-CHAPv2 clients in
the authentication external program.

Kind Regards
Ali Majdzadeh Kohbanani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list