MSCHAPv2: How a shared key is used in auth request

  • I am new to MSCHAPv2 and am looking for pointers on the following:
    When MSCHAPv2 is chosen as the RADIUS protocol, how is a shared key used and verified between the CP and the RADIUS server? Could someone help me with pointers?

  • The shared secret between a NAS (CP in this case) and the RADIUS server can be configured in clients.conf or in your NAS table of your SQL database.

    When you configure SQL in your FreeRADIUS package, you have the option to read clients from the NAS table.

  • Thank you for the reply. What I am exactly looking for is:
    In PAP, a combination of the user password and the shared key is used, and the generated hash is sent to the RADIUS server for authentication. What is the equivalent in MSCHAPv2? How is a shared key used between the RADIUS server and the RADIUS client for authentication, or how is the shared key configured in the RADIUS client conveyed to the RADIUS server?

  • MSCHAPv2 uses a server-side digital certificate. With this certificate it creates a secure tunnel. Inside this tunnel it uses CHAP or even PAP authentication.

    Hope this helps. Otherwise, google RADIUS + MSCHAPv2. There is a lot of information about it.
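
The PAP case raised in the thread (user password combined with the shared key), together with how a RADIUS client checks that a reply came from a server holding the same secret, as an added example that is not part of the thread and not FreeRADIUS code. It follows RFC 2865 (section 5.2 User-Password hiding, section 3 Response Authenticator); the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth  # first block is keyed by the Request Authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: same key stream, chained over the received ciphertext blocks."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 bytes, multiple of 16")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def reply_is_authentic(code, ident, attrs, received_auth, request_auth, secret) -> bool:
    """Client side: accept the reply only if it was built with our shared secret."""
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(expected, received_auth)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # constructed sample value
    req_auth = os.urandom(16)                  # fresh per Access-Request
    hidden = hide_password(b"constructed-user-password", secret, req_auth)
    print(hidden.hex(), unhide_password(hidden, secret, req_auth))
    reply = response_authenticator(2, 7, b"", req_auth, secret)  # 2 = Access-Accept
    print(reply_is_authentic(2, 7, b"", reply, req_auth, secret))
```

The shared secret itself never appears in the packet: it only keys the MD5 computations on both ends, so a mismatched secret shows up as a garbled password on the server or a rejected reply on the client.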

