Problem with MSCHAP and Freeradius authentication

Alan DeKok aland at
Fri Jan 20 19:44:17 CET 2012

Dhiraj Gaur wrote:
rt the server and use a test client to send an MS-CHAP
> authentication request. The |radclient| cannot currently be used to send
> this request, unfortunately, which makes testing a little difficult If
> everything goes well, you should see the server returning an
> Access-Accept <>
> message as above."

  The radclient program has since been updated.

> Hence I was of the view radtest cannot work for MS-CHAP authentication.

  Sure.  However, see "radtest -h".  If you're running a recent version,
it will tell you it can do MS-CHAP.

> Request you to point me to the right link and way to do the MS-CHAP
> procedure and testing the same thorugh radtest. I could not understand
> "There's no User-Password in MS-CHAP."

  You hard-coded it to *always* do NTLM authentication, using the PAP
credentials.  Then you sent it a request which didn't contain a
cleartext password.

  Again, the guide explains this in great detail.  Follow it, and it
will work.

  Alan DeKok.

More information about the Freeradius-Users mailing list