> You don't enable it. The NAS is responsible for sending RADIUS > packets, and originating CHAP requests. CHAP doesn't use a RADIUS > challenge-response, despite it's name. Ho ok, so I think I haven't good understand CHAP, my bad, sorry. > CHAP doesn't work that way. The NAS sends a challenge to the client, > and receives a response. It then sends challenge and response to the > RADIUS server. > > If you want challenge-response controlled by the RADIUS server, use > EAP-MD5. And you think with EAP-MD5, I can prompt a "challenge" or number to the client and I can calculate the response, and then I can send an another Radius request to the server for the final authentication ?
Thanks for your answer Alan. Best regards -- Mercier Valentin Le mercredi, 14 mars 2012 à 20:46, Alan DeKok a écrit : > Mercier Valentin wrote: > > But with some research we made, we have an another question. > > We want to enable on free radius the Access Request --> Access Challenge > > --> Access Request --> Access Accept / Reject, with CHAP, but we don't > > know how to do this, and if you can help us it would be great. > > You don't enable it. The NAS is responsible for sending RADIUS > packets, and originating CHAP requests. CHAP doesn't use a RADIUS > challenge-response, despite it's name. > > > Because I read that usually with this kind of implementation the Access > > Challenge contain a "message" with which the client need to calculate > > the response. And for now that enough for us. > > CHAP doesn't work that way. The NAS sends a challenge to the client, > and receives a response. It then sends challenge and response to the > RADIUS server. > > If you want challenge-response controlled by the RADIUS server, use > EAP-MD5. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
