I’m trying to setup CHAP authentification on our free radius server. By default, it is using PAP which for our purpose is highly inefficient. We are connecting to the server via a mikrotik router which has http-chap enabled that pases through chap id and challenge data to a external hotspor URL. Plaintext data is passed fine using PAP, however whenever chap is selected on the microtik router, the freeradius server doesn’t achnowledge any login requests when set to debug mode. After reading up freeradius doccumentation, it notes how CHAP works which i understand, however i can’t find how it is configured.
If someone could assist in showing me where CHAP needs to be enabled that would be great. In the default mikrotik php login form, a javascript method shown below handles the CHAP authentification from an external hotspot.
<form name="sendin" action="<?php echo $_SESSION['linkloginonly']; ?>"
method="post">
<input type="hidden" name="username" />
<input type="hidden" name="password" />
<input type="hidden" name="dst" value="<?php echo $_SESSION['linkorig']; ?>" />
<input type="hidden" name="popup" value="true" />
</form>
<script type="text/javascript" src="./md5.js"></script>
<script type="text/javascript">
<!--
function doLogin() {
<?php if(strlen($_SESSION['chapid']) < 1) echo "return true;\n"; ?>
document.sendin.username.value = document.login.username.value;
document.sendin.password.value = hexMD5('<?php echo $chapid; ?>' + document.login.password.value + '<?php echo $_SESSION['chapchallenge']; ?>');
document.sendin.submit();
return false;
}