On 14/01/11 12:44, David Dumortier wrote:
Le Fri Jan 14 2011 � 12:05:36PM +0000, Phil Mayers dit :
On 14/01/11 10:59, David Dumortier wrote:
You're running 2.0.4. I suggest upgrading to 2.1.10.
I'm on Debian/lenny, I will stay on lenny.
Sigh. So you're not willing to follow the advice people give you. Why ask?
Mmmmh seems to be pretty offensive !
Shrug. You are entitled to your opinion. I'm not going to lose any sleep
over it.
In a production environement you can't make what you want.</end of
the troll>.
We run a locally-built version of FreeRadius 2.1.10 + patches in a
production enviroment doing millions of authentications per-day. Maybe
it's just you that can't run what you like?
...i.e. the mschap module ignores it, because it's not mschap, and no
other module catches it, so it can't be handled/authenticated.
If you want to test mschap... send an mschap request.
So radtest can't make an mschap request ?
Yes. In 2.1.10, which you don't want to run.
Even though you are bridling at my advice, I'm going to try one last
time to be helpful. An MS-CHAP request looks like this:
User-Name = "theuser"
MS-CHAP-Challenge = 0x<32 hex digits>
MS-CHAP2-Response = 0x<100 hex digits>
...and in all versions of FreeRadius, a request like the above can be
put into a test file and sent with "radclient" like so:
radclient -s -f request.txt $HOST auth $SECRET
All you need to do is generate a valid mschap challenge & response pair;
you can send the same one again and again (because in mschap the NAS
generates and supplies the challenge, unlike EAP-MSCHAP where the radius
server generates it).
You can generate a valid mschap challenge/response by reading the
MS-CHAP RFCs and writing some code.
Or you can install FreeRadius 2.1.10, on another machine for example,
and send the mschap requests from there using radtest from 2.1.10.
Or you can use a "real" NAS to send a "real" MSCHAP requests, capture it
using FreeRadius in debug mode, then "replay" it for testing.
So, you've actually got lots of options.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
