Problem with MSCHAP and Freeradius authentication
Alan DeKok
aland at deployingradius.com
Fri Jan 20 19:44:17 CET 2012
Dhiraj Gaur wrote:
rt the server and use a test client to send an MS-CHAP
> authentication request. The |radclient| cannot currently be used to send
> this request, unfortunately, which makes testing a little difficult If
> everything goes well, you should see the server returning an
> Access-Accept <http://freeradius.org/rfc/rfc2865.html#Access-Accept>
> message as above."
The radclient program has since been updated.
> Hence I was of the view radtest cannot work for MS-CHAP authentication.
Sure. However, see "radtest -h". If you're running a recent version,
it will tell you it can do MS-CHAP.
> Request you to point me to the right link and way to do the MS-CHAP
> procedure and testing the same thorugh radtest. I could not understand
> "There's no User-Password in MS-CHAP."
You hard-coded it to *always* do NTLM authentication, using the PAP
credentials. Then you sent it a request which didn't contain a
cleartext password.
Again, the guide explains this in great detail. Follow it, and it
will work.
Alan DeKok.
More information about the Freeradius-Users
mailing list