cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
521
Views
0
Helpful
1
Replies

no password sent to radius from ms-chap

danb
Level 1
Level 1

Hello,

I'm trying to authenticate a vpn connection (pptp) configured for ms-chap using a radius server (router is c3640, IOS 12.2.10a). But the router sends no password attribute to the radius server (no radius attribute 2 or 3). Using pap instead of ms-chap works.

What's wrong?

1 Reply 1

smalkeric
Level 6
Level 6

You won't see an attribute 3 sent as that would be rfc 1994 chap (not ms-chap). MS-chap 'stuff' is usually sent as attribute 26:

00:19:31: Attribute 4 6 AC127C9F

00:19:31: Attribute 5 6 00000001

00:19:31: Attribute 61 6 00000005

00:19:31: Attribute 1 7 63697363

00:19:31: Attribute 26 16 000001370B0A868C

00:19:31: Attribute 26 58 0000013701340701

00:19:31: Attribute 6 6 00000002

00:19:31: Attribute 7 6 00000001

It's likely that the router is working normally but that your RADIUS server doesn't support ms-chap or is misconfigured.