Freeradius on lenny doesn't permit mschap auth
David Dumortier
d.dumortier at free.fr
Fri Jan 14 16:14:14 CET 2011
Le Fri Jan 14 2011 à 02:32:12PM +0000, Phil Mayers dit :
[...]
> Even though you are bridling at my advice, I'm going to try one last
> time to be helpful. An MS-CHAP request looks like this:
>
> User-Name = "theuser"
> MS-CHAP-Challenge = 0x<32 hex digits>
> MS-CHAP2-Response = 0x<100 hex digits>
>
> ...and in all versions of FreeRadius, a request like the above can be
> put into a test file and sent with "radclient" like so:
>
> radclient -s -f request.txt $HOST auth $SECRET
>
> All you need to do is generate a valid mschap challenge & response pair;
> you can send the same one again and again (because in mschap the NAS
> generates and supplies the challenge, unlike EAP-MSCHAP where the radius
> server generates it).
>
> You can generate a valid mschap challenge/response by reading the
> MS-CHAP RFCs and writing some code.
>
> Or you can install FreeRadius 2.1.10, on another machine for example,
> and send the mschap requests from there using radtest from 2.1.10.
>
> Or you can use a "real" NAS to send a "real" MSCHAP requests, capture it
> using FreeRadius in debug mode, then "replay" it for testing.
>
>
> So, you've actually got lots of options.
Thank you, it is that I searched.
Regards,
--
David Dumortier
More information about the Freeradius-Users
mailing list