Re: Convert Auth from PAP to CHAP ???
At 03:25 18/11/2003, Allen Chung wrote:

> Hello~
>
> NAS == FreeRadius(Proxy) === Other Radius Server
> (PAP)  (PAP) === (CHAP)      (CHAP)
>
> My Proxy Server receives Auth-Request(PAP) from the NAS and proxy it to other Radius Server. The other Radius Server supports only CHAP, but the NAS uses PAP. I hope that FreeRadius(Proxy) could convert (PAP) to (CHAP). Might it work and How to setup the freeradiusd ?

I think you have a theoretical problem here -- chap is by its nature a challenge-based authentication scheme, whereas PAP presents a username password up front. I can't imagine how you could convert one to the other.

Alex
RE: Convert Auth from PAP to CHAP ???
> NAS == FreeRadius(Proxy) === Other Radius Server
> (PAP)  (PAP) === (CHAP)      (CHAP)
>
> My Proxy Server receives Auth-Request(PAP) from the NAS and proxy it to other Radius Server. The other Radius Server supports only CHAP, but the NAS uses PAP. I hope that FreeRadius(Proxy) could convert (PAP) to (CHAP). Might it work and How to setup the freeradiusd ?

I don't know if FreeRadius supports this (it's a pretty weird scenario), but this is actually doable: the other way, i.e. from CHAP to PAP, is not. The way it would work is: you extract the password from User-Password, create a random CHAP-Challenge, generate the corresponding CHAP-Password (using the password you extracted) and send those attributes instead of User-Password in the Access-Request. You could try playing around with the code that deals with proxying in FreeRadius.

BTW just curious: why does the server only support CHAP and not PAP? If it does CHAP, it has access to the user's password and PAP should actually be easier for it.

Puneet

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
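The attribute rewrite described in the message above, written out with the RFC 2865 formulas (User-Password hiding in section 5.2, CHAP-Password in section 5.3). This is an added example, not code from any poster or from FreeRADIUS: the function names are hypothetical and the shared secret, authenticator and password are constructed sample values.

```python
import hashlib
import hmac
import os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: build User-Password (MD5 keystream chained over 16-byte blocks)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Proxy side: undo the hiding using the secret shared with the NAS."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 bytes, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")  # drop the null padding

def chap_attributes(password: bytes, chap_id=None, challenge=None):
    """Build (CHAP-Password, CHAP-Challenge) from a cleartext password."""
    chap_id = os.urandom(1) if chap_id is None else bytes([chap_id])
    challenge = os.urandom(16) if challenge is None else challenge
    digest = hashlib.md5(chap_id + password + challenge).digest()
    return chap_id + digest, challenge  # 1-byte CHAP ident + 16-byte response

def chap_check(known_password: bytes, chap_password: bytes, challenge: bytes) -> bool:
    """Home server side: verify the rewritten request against its stored password."""
    expected = hashlib.md5(chap_password[:1] + known_password + challenge).digest()
    return hmac.compare_digest(expected, chap_password[1:])

def pap_to_chap(hidden: bytes, nas_secret: bytes, authenticator: bytes):
    """Proxy step: replace User-Password with CHAP-Password + CHAP-Challenge."""
    return chap_attributes(pap_recover(hidden, nas_secret, authenticator))

if __name__ == "__main__":
    secret, ra = b"testing123", bytes(range(16))  # constructed sample values
    hidden = pap_hide(b"correct horse battery", secret, ra)
    chap_pw, chal = pap_to_chap(hidden, secret, ra)
    print(chap_check(b"correct horse battery", chap_pw, chal))
```

The recovery step works only because the proxy holds the NAS shared secret, so the proxy handles the cleartext password in memory. The reverse direction has nothing to recover, since CHAP-Password is a one-way MD5 digest.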
Re: Convert Auth from PAP to CHAP ???
Hi...

I think that the Proxy can get the username and password because it uses PAP. So the Proxy could be a new NAS to send Auth-Request (with the username and password that it got) using CHAP. If the result of challenge is "accept", the proxy will reply Access-Accept to NAS...

----- Original Message -----
From: Alex French
To: [EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 9:12 AM
Subject: Re: Convert Auth from PAP to CHAP ???

> At 03:25 18/11/2003, Allen Chung wrote:
>
>> Hello~
>>
>> NAS == FreeRadius(Proxy) === Other Radius Server
>> (PAP)  (PAP) === (CHAP)      (CHAP)
>>
>> My Proxy Server receives Auth-Request(PAP) from the NAS and proxy it to other Radius Server. The other Radius Server supports only CHAP, but the NAS uses PAP. I hope that FreeRadius(Proxy) could convert (PAP) to (CHAP). Might it work and How to setup the freeradiusd ?
>
> I think you have a theoretical problem here -- chap is by its nature a challenge-based authentication scheme, whereas PAP presents a username password up front. I can't imagine how you could "convert" one to the other.
>
> Alex