Radiator Server Documentation — v10.33.2

mschapv2

MSCHAPv2 action for MSCHAPv2 authentication

Table of Contents
  • mschapv2
  • Basic Syntax
  • Result

mschapv2

Validates passwords using Microsoft Challenge-Handshake Authentication Protocol version 2 (MS-CHAPv2). MS-CHAPv2 improves on MS-CHAP with mutual authentication and stronger cryptographic keys for MPPE encryption.

Basic Syntax

@execute {
    backend {
        name "USERS";
        query "FIND_USER";
    }

    mschapv2;
}

Result

The mschapv2 action produces the following pipeline results:

  • Accept: The challenge-response verification succeeds. On success, the action also populates MPPE encryption keys in the reply for use by the NAS.
  • Reject: Authentication failed. This occurs when:
    • The user was not found (reason: "No such user"). Ensure the preceding backend action populates the user context.
    • The response does not match (reason: "Incorrect password").
  • Ignore: The request does not contain MS-CHAPv2 credentials. This allows combining mschapv2 with other authentication actions such as pap or chap in the same pipeline - the non-matching action is skipped.
Table of Contents
Navigation
Home

  • accept

  • all

  • any

  • append

  • assert

  • backend

  • challenge

  • chap

  • conditions

  • copy

  • count

  • debug

  • discard

  • each

  • eap

  • error

  • filter

  • first

  • hotp

  • http-basic-auth

  • if

  • ignore

  • invoke

  • log

  • map

  • message

  • modify

  • mschap

  • mschapv2

  • none

  • pap

  • reason

  • reject

  • reject_errors

  • replace

  • reply

  • rewrite

  • set

  • sleep

  • sometimes

  • stop

  • totp

  • trace

  • try

  • until

  • while

  • with

  • yubikey

Navigation
Home