Using freeRadius with OTP and gateway
Alan DeKok
aland at deployingradius.com
Wed Mar 14 20:46:06 CET 2012
Mercier Valentin wrote:
> But with some research we made, we have an another question.
> We want to enable on free radius the Access Request --> Access Challenge
> --> Access Request --> Access Accept / Reject, with CHAP, but we don't
> know how to do this, and if you can help us it would be great.
You don't enable it. The NAS is responsible for sending RADIUS
packets, and originating CHAP requests. CHAP doesn't use a RADIUS
challenge-response, despite it's name.
> Because I read that usually with this kind of implementation the Access
> Challenge contain a "message" with which the client need to calculate
> the response. And for now that enough for us.
CHAP doesn't work that way. The NAS sends a challenge to the client,
and receives a response. It then sends challenge and response to the
RADIUS server.
If you want challenge-response controlled by the RADIUS server, use
EAP-MD5.
Alan DeKok.
More information about the Freeradius-Users
mailing list