freeradius, problem with chap ?

Fajar A. Nugraha list at fajar.net
Sun Dec 4 11:57:16 CET 2011


On Sun, Dec 4, 2011 at 5:49 PM, Piotr <piotr.1234 at interia.pl> wrote:
> I changed type of  authentication,on cisco asa, to PAP:
>
> ASA(config)# sh run all | begin tunnel-group l2tp-ipsec ppp-attributes
> tunnel-group l2tp-ipsec ppp-attributes
>  authentication pap
>  no authentication chap
>  no authentication ms-chap-v1
>  no authentication ms-chap-v2
>  no authentication eap-proxy
>
> but i don't know why i stil get on FR:
>
> rad_recv: Access-Request packet from host 10.62.1.1 port 1025, id=85,
> length=136
>        User-Name = "tom3"
>        CHAP-Password = 0x01ccbbe398364421101d8b50e4cb59a46e

This is what the NAS send


> FR try to authenticate via CHAP. I don't understand this, i'm little
> confused

FR doesn't try to invent something non existent. It simply process
what the NAS sends. Ask your NAS vendor why it's still using CHAP.

-- 
Fajar




More information about the Freeradius-Users mailing list