Freeradius on lenny doesn't permit mschap auth

David Dumortier d.dumortier at free.fr
Fri Jan 14 16:14:14 CET 2011


On Fri Jan 14 2011 at 02:32:12PM +0000, Phil Mayers wrote:
[...]

> Even though you are bridling at my advice, I'm going to try one last  
> time to be helpful. An MS-CHAP request looks like this:
>
> User-Name = "theuser"
> MS-CHAP-Challenge = 0x<32 hex digits>
> MS-CHAP2-Response = 0x<100 hex digits>
>
> ...and in all versions of FreeRadius, a request like the above can be  
> put into a test file and sent with "radclient" like so:
>
> radclient -s -f request.txt $HOST auth $SECRET
>
> All you need to do is generate a valid mschap challenge & response pair;  
> you can send the same one again and again (because in mschap the NAS  
> generates and supplies the challenge, unlike EAP-MSCHAP where the radius  
> server generates it).
>
> You can generate a valid mschap challenge/response by reading the  
> MS-CHAP RFCs and writing some code.
>
> Or you can install FreeRadius 2.1.10, on another machine for example,  
> and send the mschap requests from there using radtest from 2.1.10.
>
> Or you can use a "real" NAS to send a "real" MSCHAP request, capture it  
> using FreeRadius in debug mode, then "replay" it for testing.
>
>
> So, you've actually got lots of options.

Thank you, that is what I was looking for.

Regards,
-- 
David Dumortier
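
Added example, not part of the original message or of FreeRADIUS: a Python check that a captured request file has the shape shown in the quoted reply (32 and 100 hex digits) before it is replayed with radclient, splitting MS-CHAP2-Response into its fields as laid out in RFC 2548, section 2.3.2. The function names and the SAMPLE request are constructed for illustration; SAMPLE has the right shape only and is not a valid challenge/response pair.

```python
import re

# Layout of the 50-octet MS-CHAP2-Response value (RFC 2548, section 2.3.2).
FIELDS = (("ident", 1), ("flags", 1), ("peer_challenge", 16),
          ("reserved", 8), ("nt_response", 24))
ATTR_RE = re.compile(r"^\s*([A-Za-z0-9-]+)\s*=\s*(.+?)\s*$")

# Constructed sample: correct shape only, not a valid challenge/response pair.
SAMPLE = "\n".join([
    'User-Name = "theuser"',
    "MS-CHAP-Challenge = 0x" + "0f" * 16,
    "MS-CHAP2-Response = 0x" + "01" + "00" + "11" * 16 + "00" * 8 + "aa" * 24,
])

def parse_request(text):
    """Parse radclient-style 'Attribute = value' lines into a dict."""
    matches = (ATTR_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip('"') for m in matches if m}

def hex_octets(attrs, name, length):
    """Return attribute `name` as bytes; raise ValueError if absent or malformed."""
    value = attrs.get(name, "")
    if not re.fullmatch(r"0x(?:[0-9a-fA-F]{2})+", value):
        raise ValueError(f"{name}: missing or not 0x-prefixed hex octets")
    raw = bytes.fromhex(value[2:])
    if len(raw) != length:
        raise ValueError(f"{name}: {len(raw)} octets, expected {length}")
    return raw

def check_mschapv2(text):
    """Validate an MS-CHAPv2 test request and return the split response fields."""
    attrs = parse_request(text)
    if not attrs.get("User-Name"):
        raise ValueError("User-Name: missing")
    fields = {"challenge": hex_octets(attrs, "MS-CHAP-Challenge", 16)}
    raw, pos = hex_octets(attrs, "MS-CHAP2-Response", 50), 0
    for name, size in FIELDS:
        fields[name] = raw[pos:pos + size]
        pos += size
    # RFC 2548 requires the Flags and Reserved fields to be zero.
    if fields["flags"] != b"\x00" or any(fields["reserved"]):
        raise ValueError("MS-CHAP2-Response: flags and reserved must be zero")
    return fields

if __name__ == "__main__":
    for name, value in check_mschapv2(SAMPLE).items():
        print(f"{name:15} {value.hex()}")
```

A request that passes this check is only well-formed; whether the server accepts it still depends on the response matching the user's password.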


