CHAP Authentication with rlm_perl module

Alan DeKok aland at deployingradius.com
Sat May 16 20:48:50 CEST 2020


On May 16, 2020, at 1:33 PM, Imdad Hasan <imdadalikadiwala0 at gmail.com> wrote:
> I tried, its working fine for CHAP. I set the perl call on reject. and in
> perl i write a logic for the rejected users.

  Good to hear.

> But the same logic is not working for MS-CHAP. At client side (Windows PC)
> pppoe dialer shows error like "It was not possible to verify identity of
> server".

  Yes.  It's impossible to do the same thing with MS-CHAP.  Part of MS-CHAP is that the client proves to the server that it knows the password just like CHAP.  However, MS-CHAP also has the server prove to the client that it knows the password.

  Since the server doesn't know the password, it can't issue this proof, and the client tears down the connection.

  Alan DeKok.




More information about the Freeradius-Users mailing list