CHAP Challenge
Alan DeKok
aland at deployingradius.com
Tue Apr 17 08:32:23 CEST 2012
GT4NE1 wrote:
> We're thinking it might have to do with the CHAP challenge length that
> gets sent by these new modems, or more specifically, the new radio
> module in them. From packet captures, the same length gets sent every
> time (59), but fails with the
Except that the debug output you posted shows *nothing* about the
Access-Request.
> every time. Successful attempts from other modems have varying length
> up to 50 from what I've seen. Is there a higher level of debug I can
> turn on to see what CHAP is failing even though the correct username
> and password are being supplied or is there a CHAP setting somewhere
> specifies maximum challenge length?
FreeRADIUS has *no* limit on the CHAP-Challenge. It can handle
challenges up to 253 octets, which is the maximum length of RADIUS
attributes.
If CHAP is failing, it's because the client is calculating the wrong
CHAP-Password.
> I'm told these modems were successfully tested against a Juniper
> RADIUS server. Below is the debug output and my freeradius version.
> Any help would be greatly appreciated.
There is no CHAP-Challenge in the debug output. You've helpfully
deleted the entire contents of the Access-Request.
For all that's holy, *WHY* do people insist on doing this? The FAQ,
README, "man" page, web pages, and daily messages on this list say "post
the debug output". They DON'T say "butcher the debug output, and post
small pieces of it."
If you want us to help you, the ask *good* questions. Asking a
question about a CHAP-Challenge, and then *not* including it in the
debug output is a *bad* thing to do.
Alan DeKok.
More information about the Freeradius-Users
mailing list