On 28/08/13 15:46, Arran Cudbard-Bell wrote:
OK. Just wondering if you could really get it down to a single
lookup, IIRC you needed the 'known good' NT-Password data for a
couple of rounds of MSCHAPv2?
Nope, just one. The MSCHAP challenge & response arrive at you, you
validate them and in turn generate the response2.
You might be thinking of the first pass in EAP-MSCHAP, where the client
sends EAP-identity and the server sends EAP-MSCHAP challenge, but that's
stateless - just a random number. Likewise, the 3rd pass MSCHAP
success/fail packet is stateless.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html