From owner-freebsd-isp  Mon Jun  8 02:56:14 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA07042
          for freebsd-isp-outgoing; Mon, 8 Jun 1998 02:56:14 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from sun-test.hightek.com ([194.74.141.100])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA07037
          for <isp@freebsd.org>; Mon, 8 Jun 1998 02:56:11 -0700 (PDT)
          (envelope-from andreas@klemm2.hightek.com)
Received: from klemm2.hightek.com ([195.90.203.76]) by sun-test.hightek.com
          (Netscape Mail Server v1.1) with ESMTP id AAA7369;
          Mon, 8 Jun 1998 11:56:06 +0200
Received: (from andreas@localhost)
	by klemm2.hightek.com (8.8.8/8.8.8) id LAA21307;
	Mon, 8 Jun 1998 11:56:05 +0200 (CEST)
	(envelope-from andreas)
Message-ID: <19980608115605.21479@hightek.com>
Date: Mon, 8 Jun 1998 11:56:05 +0200
From: Andreas Klemm <aklemm@hightek.com>
To: isp@FreeBSD.ORG
Cc: IBS / Andre Oppermann <andre@pipeline.ch>
Subject: how does PPP CHAP work ?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
X-Operating-System: FreeBSD 2.2.6-STABLE
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi !

I need some quick advice about PPP CHAP, hope you can help.

I have an USR TC Access Router. We only use PAP authentication.
A typical Radius entry looks like this:

username password, etc ... and then
		User-Service-Type = Framed-User,
		Framed-Protocol = PPP,
		Port-Limit = 1,
		Framed-IP-Address = 195.90.205.247,
		Framed-Netmask = 255.255.255.0,
		Framed-Routing = None,
		Framed-Compression = None,
		Framed-MTU = 1500

Would that PAP client be able to authenticate via CHAP with the
same RADIUS authentication entry ? I heard from USR tech support,
that both pap and chp is supported.

A collegue of mine claims, that it would'nt be possible, because
CHAP would use a two way handshake, that means, our access router
would have to authenticate itself with username and password on
the client access router.

On the other hand I didn't find any hint in the official radius
2.0.1 manual, that there is a switch/token, what authentication
to use (PAP or CHAP) and no config tokens, where I could set the
login and password we'd user to authenticate us on the client.

My own experiences told me, that I have to login myself on
Cisco's using CHAP and on the cisco client router I don't
provide a special entry for the Access Server (Cisco Router at
the ISP).

Somebody so kind to make things clear ?

-- 
B&K Gruppe - Wuppertal                                    <aklemm@hightek.com>
phone +49 202 7399 - 170                                 <andreas@FreeBSD.ORG>
fax   +49 202 7399 - 100                      http://www.FreeBSD.ORG/~andreas/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message