MSCHAPv2: How a shared key is used in auth request
-
I am new to MSCHAPv2, looking for pointers on:
When Radius Protocol is chosen as MSCHAPv2: how a shared key is used and verified between CP and radius server? Could someone help me with pointers. -
The shared secret between a NAS (CP in this case) and the RADIUS server can be configured in clients.conf or in your NAS table of your SQL database.
When u configure SQL in your FreeRADIUS package you have the option read clients from NAS table.
-
Thank you for the reply. What i am exactly looking for is:
In PAP, user password + sharedkey combination is used and the generated hash is sent to radius server for authentication. What is the equivalent in MSCHAPv2, how a shared key is used between radius server and radius client for authentication OR how is the shared key configured in the radius client is conveyed to the radius server. -
MSCHAPv2 uses a server side digital certificate. With this certificate it creates a secure tunnel. Inside this tunnel it uses CHAP or even PAP authentication.
Hopes this helps. Otherwise google RADIUS + MSCHAPv2. There is alot of information about it.