Using freeRadius with OTP and gateway
Mercier Valentin
mercierv at gmail.com
Thu Mar 15 06:58:46 CET 2012
> You don't enable it. The NAS is responsible for sending RADIUS
> packets, and originating CHAP requests. CHAP doesn't use a RADIUS
> challenge-response, despite it's name.
Ho ok, so I think I haven't good understand CHAP, my bad, sorry.
> CHAP doesn't work that way. The NAS sends a challenge to the client,
> and receives a response. It then sends challenge and response to the
> RADIUS server.
>
> If you want challenge-response controlled by the RADIUS server, use
> EAP-MD5.
And you think with EAP-MD5, I can prompt a "challenge" or number to the client
and I can calculate the response, and then I can send an another Radius request to
the server for the final authentication ?
Thanks for your answer Alan.
Best regards
--
Mercier Valentin
Le mercredi, 14 mars 2012 à 20:46, Alan DeKok a écrit :
> Mercier Valentin wrote:
> > But with some research we made, we have an another question.
> > We want to enable on free radius the Access Request --> Access Challenge
> > --> Access Request --> Access Accept / Reject, with CHAP, but we don't
> > know how to do this, and if you can help us it would be great.
>
> You don't enable it. The NAS is responsible for sending RADIUS
> packets, and originating CHAP requests. CHAP doesn't use a RADIUS
> challenge-response, despite it's name.
>
> > Because I read that usually with this kind of implementation the Access
> > Challenge contain a "message" with which the client need to calculate
> > the response. And for now that enough for us.
>
> CHAP doesn't work that way. The NAS sends a challenge to the client,
> and receives a response. It then sends challenge and response to the
> RADIUS server.
>
> If you want challenge-response controlled by the RADIUS server, use
> EAP-MD5.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120315/960dd1a5/attachment.html>
More information about the Freeradius-Users
mailing list