Freeradius on lenny doesn't permit mschap auth

David Dumortier d.dumortier at
Fri Jan 14 16:14:14 CET 2011

Le Fri Jan 14 2011 à 02:32:12PM +0000, Phil Mayers dit :

> Even though you are bridling at my advice, I'm going to try one last  
> time to be helpful. An MS-CHAP request looks like this:
> User-Name = "theuser"
> MS-CHAP-Challenge = 0x<32 hex digits>
> MS-CHAP2-Response = 0x<100 hex digits>
> ...and in all versions of FreeRadius, a request like the above can be  
> put into a test file and sent with "radclient" like so:
> radclient -s -f request.txt $HOST auth $SECRET
> All you need to do is generate a valid mschap challenge & response pair;  
> you can send the same one again and again (because in mschap the NAS  
> generates and supplies the challenge, unlike EAP-MSCHAP where the radius  
> server generates it).
> You can generate a valid mschap challenge/response by reading the  
> MS-CHAP RFCs and writing some code.
> Or you can install FreeRadius 2.1.10, on another machine for example,  
> and send the mschap requests from there using radtest from 2.1.10.
> Or you can use a "real" NAS to send a "real" MSCHAP requests, capture it  
> using FreeRadius in debug mode, then "replay" it for testing.
> So, you've actually got lots of options.

Thank you, it is that I searched.

David Dumortier

More information about the Freeradius-Users mailing list