On Fri, Mar 30, 2012 at 7:26 AM, Fajar A. Nugraha <[email protected]> wrote: > On Fri, Mar 30, 2012 at 4:22 AM, Thomas Fagart <[email protected]> wrote: >> As I was not very familiar with MS-CHAP, I've google a little and it seems >> to me that my goal (ie ms chapv2 welcome server without having user/passwd >> of users) is not reachable as the home server MUST have users/passwd to >> generate challenge. > > Exactly. > > To be accurate, the home server MUST have cleartext or nt-hash of the > user's password.
Is it possible on the proxy server, to catch the challenge and response when the normal server is running, store them, and then issue the same challenge and same chap-success from the "welcome" server when another request is made? Just a thought, I only do normal CHAP and would have thought you could just do an access-accept for any request unless the client needs a special key from it. Tim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
