In article <[EMAIL PROTECTED]>, Nathan Miller <[EMAIL PROTECTED]> wrote: >At 10:53 AM 11/14/2001 -0500, you wrote: >>Nathan Miller <[EMAIL PROTECTED]> wrote: >> > 1. When received requests directly to the new freeradius machine from >> > either UUNet or other CHAP enabled provider, freeradius is _never_ sending >> > the CHAP-Challenge to the script nor logging it in the radius debug >> > output. I show this below in some debug outputs. >> >> That's because it isn't receiving the CHAP-Challenge. Look at the >>example packet you sent. There's no CHAP-Challenge there. > >I agree it's certainly not in the debug; however, I do know the provider is >sending the CHAP-Challenge as it arrives on my other radius servers just fine.
That because the NAS is free to put the challenge in the 'auth-vector' part of the radius packet (think of it as a header) instead of in the CHAP-Challenge attribute. If there's no CHAP-Challenge attribute use the auth-vector.. that's what the RFC says However if the server proxies a packet it has to create a new vector so it explicitly adds a CHAP-Challenge attribute to the radius data with the old auth-vector data. As Alan said someone would have to hack the server so that it internally always does this instead of only when it's proxying Mike. -- "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former" -- Albert Einstein. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html