CHAP-Challenge Question

Alan DeKok aland at
Fri Mar 11 07:52:09 CET 2011

Jeremiah wrote:
> When a request comes in from the Tik , it adds a CHAP challenge and the
> Chap password obviously is differejt and the request fails.

  The CHAP-Challenge is a random number.  The CHAP-Password depends on
the real password, and the random number.  It should *always* be
different for every packet.

> What basic element am I failing to understand?  If the chap challenge
> string is sent in, should freeradius be able to use that with the
> chap-password to accept the user?

  Yes.  Unless the user entered the wrong password.  Or, the NAS does
the CHAP algorithm incorrectly.

  Alan DeKok.

More information about the Freeradius-Users mailing list