MSCHAPv2: How a shared key is used in auth request
I am new to MSCHAPv2, looking for pointers on:
When Radius Protocol is chosen as MSCHAPv2: how a shared key is used and verified between CP and radius server? Could someone help me with pointers.
The shared secret between a NAS (CP in this case) and the RADIUS server can be configured in clients.conf or in your NAS table of your SQL database.
When u configure SQL in your FreeRADIUS package you have the option read clients from NAS table.
Thank you for the reply. What i am exactly looking for is:
In PAP, user password + sharedkey combination is used and the generated hash is sent to radius server for authentication. What is the equivalent in MSCHAPv2, how a shared key is used between radius server and radius client for authentication OR how is the shared key configured in the radius client is conveyed to the radius server.
MSCHAPv2 uses a server side digital certificate. With this certificate it creates a secure tunnel. Inside this tunnel it uses CHAP or even PAP authentication.
Hopes this helps. Otherwise google RADIUS + MSCHAPv2. There is alot of information about it.