Crafting a CHAP auth request
Alan Batie
alan at batie.org
Tue Feb 11 09:42:26 UTC 2025
I'm trying to use radclient to test CHAP authentication; however, it
looks like the CHAP-Password attribute is getting encrypted or something
and not passed as specified. How should one do this? I'm trying to get a
test working with FreeRADIUS 1.1.7 that I can use to validate a
FreeRADIUS 3.2.5 installation...
https://freeradius-users.freeradius.narkive.com/OdBT8CjP/ms-chap-authentication-with-client-tool
tshark -V for a real, accepted, request:
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x7c (124)
Length: 175
Authenticator: D9FC93F9B090BAD032E0F15793F31AE6
Attribute Value Pairs
AVP: l=6 t=Service-Type(6): Framed-User(2)
Service-Type: Framed-User (2)
AVP: l=6 t=Framed-Protocol(7): PPP(1)
Framed-Protocol: PPP (1)
AVP: l=6 t=NAS-Port(5): 15832385
NAS-Port: 15832385
AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
NAS-Port-Type: Ethernet (15)
AVP: l=7 t=User-Name(1): CPEV2
User-Name: CPEV2
AVP: l=19 t=Calling-Station-Id(31): <macaddr>
Calling-Station-Id: <macaddr>
AVP: l=10 t=Called-Station-Id(30): service1
Called-Station-Id: service1
AVP: l=15 t=NAS-Port-Id(87): bridge2-10.11
NAS-Port-Id: bridge2-10.11
AVP: l=10 t=Acct-Session-Id(44): 81e19440
Acct-Session-Id: 81e19440
AVP: l=18 t=CHAP-Challenge(60): 16C474F4671ABE2E03E2F199B170E22A
CHAP-Challenge: 16C474F4671ABE2E03E2F199B170E22A
AVP: l=19 t=CHAP-Password(3): 015223EA79AAE8B427798EC0FA5EC35FA9
CHAP-Password: 015223EA79AAE8B427798EC0FA5EC35FA9
AVP: l=9 t=NAS-Identifier(32): knox-gw
NAS-Identifier: knox-gw
AVP: l=6 t=NAS-IP-Address(4): 207.55.2.20
NAS-IP-Address: 207.55.2.20 (207.55.2.20)
AVP: l=18 t=Message-Authenticator(80): 4605A791CA930685357F73A2B89D6197
Message-Authenticator: 4605A791CA930685357F73A2B89D6197
From that, I craft up this input to radclient:
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port-Type = Ethernet
NAS-Port = 15832385
User-Name = CPEv2
Calling-Station-Id = <macaddr>
Called-Station-Id = service1
NAS-Port-Id = bridge2-10.11
Acct-Session-Id = 81e19440
CHAP-Challenge = 0x16C474F4671ABE2E03E2F199B170E22A
CHAP-Password = 0x015223EA79AAE8B427798EC0FA5EC35FA9
NAS-Identifier = knox-gw
NAS-IP-Address = 207.55.2.20
Message-Authenticator = 0x4605A791CA930685357F73A2B89D6197
However, what gets sent is:
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0xfd (253)
Length: 175
Authenticator: 68FC978374D1E2D4B190667E651488E5
Attribute Value Pairs
AVP: l=6 t=Service-Type(6): Framed-User(2)
Service-Type: Framed-User (2)
AVP: l=6 t=Framed-Protocol(7): PPP(1)
Framed-Protocol: PPP (1)
AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
NAS-Port-Type: Ethernet (15)
AVP: l=6 t=NAS-Port(5): 15832385
NAS-Port: 15832385
AVP: l=7 t=User-Name(1): CPEv2
User-Name: CPEv2
AVP: l=19 t=Calling-Station-Id(31): <macaddr>
Calling-Station-Id: <macaddr>
AVP: l=10 t=Called-Station-Id(30): service1
Called-Station-Id: service1
AVP: l=15 t=NAS-Port-Id(87): bridge2-10.11
NAS-Port-Id: bridge2-10.11
AVP: l=10 t=Acct-Session-Id(44): 81e19440
Acct-Session-Id: 81e19440
AVP: l=18 t=CHAP-Challenge(60): 16C474F4671ABE2E03E2F199B170E22A
CHAP-Challenge: 16C474F4671ABE2E03E2F199B170E22A
AVP: l=19 t=CHAP-Password(3): FDB41FBAC26B503DBA63E94B8C667E928A
CHAP-Password: FDB41FBAC26B503DBA63E94B8C667E928A
AVP: l=9 t=NAS-Identifier(32): knox-gw
NAS-Identifier: knox-gw
AVP: l=6 t=NAS-IP-Address(4): 207.55.2.20
NAS-IP-Address: 207.55.2.20 (207.55.2.20)
AVP: l=18 t=Message-Authenticator(80): D07850811C046CAD43B07082152D0050
Message-Authenticator: D07850811C046CAD43B07082152D0050
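For reference when comparing the two captures in the message, an added example (not part of the original post and not FreeRADIUS code) that splits a CHAP-Password value into its CHAP ident octet and 16-octet MD5 response as laid out in RFC 2865, and recomputes the response for a known password. The hex values are the ones quoted in the message; the password `example-password` and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Hex values copied from the two captures quoted in the message.
CHAP_CHALLENGE = bytes.fromhex("16C474F4671ABE2E03E2F199B170E22A")
ACCEPTED = bytes.fromhex("015223EA79AAE8B427798EC0FA5EC35FA9")  # real request
SENT = bytes.fromhex("FDB41FBAC26B503DBA63E94B8C667E928A")      # radclient's packet


def split_chap_password(attr):
    """Split a CHAP-Password value into (CHAP ident, 16-octet MD5 response)."""
    if len(attr) != 17:
        raise ValueError(f"CHAP-Password must be 17 octets, got {len(attr)}")
    return attr[0], attr[1:]


def chap_password(ident, password, challenge):
    """Build ident || MD5(ident || password || challenge) (RFC 2865, 5.3).

    `challenge` is the CHAP-Challenge value; when that attribute is absent
    the Request Authenticator is used instead.
    """
    if not 0 <= ident <= 0xFF:
        raise ValueError("CHAP ident must fit in one octet")
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    return bytes([ident]) + digest


def verify(attr, password, challenge):
    """Recompute the response using the ident carried in the attribute."""
    ident, response = split_chap_password(attr)
    expected = chap_password(ident, password, challenge)[1:]
    return hmac.compare_digest(response, expected)


def describe(attr):
    ident, response = split_chap_password(attr)
    return f"ident=0x{ident:02x} response={response.hex()}"


if __name__ == "__main__":
    print("accepted:", describe(ACCEPTED))
    print("sent:    ", describe(SENT))
    # Constructed password, used only to show that a value round-trips.
    demo = chap_password(0x01, b"example-password", CHAP_CHALLENGE)
    print("demo verifies:", verify(demo, b"example-password", CHAP_CHALLENGE))
```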