freeradius, problem with chap ?
Fajar A. Nugraha
list at fajar.net
Sun Dec 4 11:57:16 CET 2011
On Sun, Dec 4, 2011 at 5:49 PM, Piotr <piotr.1234 at interia.pl> wrote:
> I changed type of authentication,on cisco asa, to PAP:
>
> ASA(config)# sh run all | begin tunnel-group l2tp-ipsec ppp-attributes
> tunnel-group l2tp-ipsec ppp-attributes
> authentication pap
> no authentication chap
> no authentication ms-chap-v1
> no authentication ms-chap-v2
> no authentication eap-proxy
>
> but i don't know why i stil get on FR:
>
> rad_recv: Access-Request packet from host 10.62.1.1 port 1025, id=85,
> length=136
> User-Name = "tom3"
> CHAP-Password = 0x01ccbbe398364421101d8b50e4cb59a46e
This is what the NAS send
> FR try to authenticate via CHAP. I don't understand this, i'm little
> confused
FR doesn't try to invent something non existent. It simply process
what the NAS sends. Ask your NAS vendor why it's still using CHAP.
--
Fajar
More information about the Freeradius-Users
mailing list