Discussion:
ms-chap authentication with client tool?
DilipSimha.N.M
2006-01-31 11:18:03 UTC
Hi,

Is there any simple tool (other than jradius) which can be used as a radius
client and which can be used to test
mschap authentication??
If so, please give the packet contents for the radius client and the users
file check-items.

--DilipSimha
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers
2006-01-31 13:03:05 UTC
Post by DilipSimha.N.M
Hi,
Is there any simple tool (other than jradius) which can be used as a radius
client and which can be used to test
mschap authentication??
If so, please give the packet contents for the radius client and the users
file check-items.

1. run FreeRadius in debugging mode

2. perform a successful MS-CHAP authentication with a "real" client

3. copy the following info from the FreeRadius debugging output:
User-Name = "user"
MS-CHAP-Challenge = 0xBYTES
MS-CHAP2-Response = 0xBYTES

4. with that info, create a file containing a radius request:
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "user"
MS-CHAP-Challenge = 0xBYTES
MS-CHAP2-Response = 0xBYTES
Calling-Station-Id = "something"
NAS-IP-Address = 192.168.1.2
NAS-Port = 1

5. run the command "radclient -s -f $FILE $HOST auth $SECRET"

The radius server will authenticate that request every time. Since the
challenge from a real NAS is essentially random there is only a low (but
not zero) risk in having the info in a file.

You may need to edit your users file to disable things such as IP
address pool assignment or such, but it will basically work fine. Such
editing is dependent on your local configuration.
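
Steps 3 and 4 of the reply above as a script (an added example, not part of the original thread and not FreeRADIUS project code). The function names, the file names and the all-zero sample log are constructed for illustration; the length checks use the MS-CHAPv2 sizes from RFC 2759 and RFC 2548.

```shell
#!/bin/sh
# Added example: steps 3-4 above as a script (not from the thread).

# Constructed stand-in for saved debug output; all-zero bytes are placeholders.
demo_log() {
    printf 'rad_recv: Access-Request packet from host 192.168.1.2:1025, id=7, length=150\n'
    printf '\tUser-Name = "user"\n'
    printf '\tMS-CHAP-Challenge = 0x%032d\n' 0
    printf '\tMS-CHAP2-Response = 0x%0100d\n' 0
}

# Print the value of the last "$1 = value" line in log file $2.
get_attr() {
    sed -n "s/^[[:space:]]*$1 = //p" "$2" | tail -n 1
}

# Succeed only if $1 is "0x" followed by exactly $2 bytes of hex.
is_hex_bytes() {
    hex=${1#0x}
    [ "$hex" != "$1" ] || return 1
    case $hex in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#hex}" -eq $(( $2 * 2 )) ]
}

# build_request LOG OUT: write the radclient request file from step 4.
build_request() {
    log=$1; out=$2
    user=$(get_attr User-Name "$log")
    chal=$(get_attr MS-CHAP-Challenge "$log")
    resp=$(get_attr MS-CHAP2-Response "$log")
    [ -n "$user" ] || { echo "no User-Name in $log" >&2; return 1; }
    # MS-CHAPv2: 16-byte challenge (RFC 2759), 50-byte response value (RFC 2548).
    is_hex_bytes "$chal" 16 || { echo "bad MS-CHAP-Challenge" >&2; return 1; }
    is_hex_bytes "$resp" 50 || { echo "bad MS-CHAP2-Response" >&2; return 1; }
    # The file is a replayable authentication, so create it owner-only.
    ( umask 077
      cat > "$out" <<EOF
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = $user
MS-CHAP-Challenge = $chal
MS-CHAP2-Response = $resp
Calling-Station-Id = "something"
NAS-IP-Address = 192.168.1.2
NAS-Port = 1
EOF
    )
}
```

Run `demo_log > debug.txt; build_request debug.txt mschap.req`, then pass `mschap.req` as `$FILE` in step 5. The all-zero sample only exercises the script; a server will accept the request only when the values come from the debug output captured in steps 1 and 2.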
Patrick Bartkus
2006-01-31 15:47:07 UTC
You could try using the Windows program NTRadPing from
http://www.dialways.com/download/.
It has a "CHAP" checkbox.

HTH,
Patrick
Post by Phil Mayers
Post by DilipSimha.N.M
Hi,
Is there any simple tool (other than jradius) which can be used as a radius
client and which can be used to test
mschap authentication??
If so, please give the packet contents for the radius client and the users
file check-items.
1. run FreeRadius in debugging mode
2. perform a successful MS-CHAP authentication with a "real" client
User-Name = "user"
MS-CHAP-Challenge = 0xBYTES
MS-CHAP2-Response = 0xBYTES
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "user"
MS-CHAP-Challenge = 0xBYTES
MS-CHAP2-Response = 0xBYTES
Calling-Station-Id = "something"
NAS-IP-Address = 192.168.1.2
NAS-Port = 1
5. run the command "radclient -s -f $FILE $HOST auth $SECRET"
The radius server will authenticate that request every time. Since the
challenge from a real NAS is essentially random there is only a low (but
not zero) risk in having the info in a file.
You may need to edit your users file to disable things such as IP
address pool assignment or such, but it will basically work fine. Such
editing is dependent on your local configuration.
Josh Howlett
2006-01-31 21:23:57 UTC
Post by Patrick Bartkus
You could try using the Windows program NTRadPing from
http://www.dialways.com/download/.
It has a "CHAP" checkbox.

CHAP and MS-CHAP are quite different.

josh.
Alan DeKok
2006-01-31 18:24:32 UTC
Post by DilipSimha.N.M
Is there any simple tool (other than jradius) which can be used as a radius
client and which can be used to test
mschap authentication??

radclient should really be updated to support MS-CHAP. It's not
hard. And it would be easier to do that than to write another client.

Post by DilipSimha.N.M
If so, please give the packet contents for the radius client and the users
file check-items.

src/tests/mschapv1

Alan DeKok.

DilipSimha.N.M
2006-02-01 05:41:06 UTC
comments INLINE....
Post by Alan DeKok
Post by DilipSimha.N.M
Is there any simple tool (other than jradius) which can be used as a radius
client and which can be used to test
mschap authentication??
radclient should really be updated to support MS-CHAP. It's not
hard. And it would be easier to do that than to write another client.
Post by DilipSimha.N.M
If so, please give the packet contents for the radius client and the users
file check-items.
src/tests/mschapv1

As you have specified in src/tests/README, lines with #U should go
into the users file.
But in src/tests/mschapv1 you have given User-Password in clear text???
mschap has the advantage over chap that it doesn't store passwords in
clear-text in the users file.
Am I right????

Post by Alan DeKok
Alan DeKok.
Alan DeKok
2006-02-01 17:01:18 UTC
Post by DilipSimha.N.M
As you have specified in src/tests/README, lines with #U should go
into the users file.
But in src/tests/mschapv1 you have given User-Password in clear text???

Yes, so?

Post by DilipSimha.N.M
mschap has the advantage over chap that it doesn't store passwords in
clear-text in the users file.
Am I right????

No.

Alan DeKok.