SonicOS 8 Users

Using a CHAP challenge to Authenticate Users

If using RADIUS authentication (and if the RADIUS server supports it), a CHAP challenge can be used to authenticate users during web login. Such a login through HTTP is secure, so it is not necessary to enforce HTTPS for login.

Administrators who use this mechanism to log into the SonicWall appliance are restricted in the management operations they can perform. For some management operations, the appliance needs to know the user’s password, which is not available with CHAP authentication by a remote authentication server. Consequently, if this option is enabled, users who are members of administrative user groups might have to log in manually through HTTPS when logging in for administration. This restriction does not apply to the built-in admin account.

When using LDAP, this mechanism can be used normally by:

  • Setting the Authentication method for login to RADIUS.
  • Selecting LDAP as the mechanism for setting user group memberships in the RADIUS configuration.

To use a CHAP challenge to authenticate users

  1. Navigate to Device > Users > Settings > Web Login.
  2. Select Allow HTTP login with RADIUS CHAP mode to enable type of login.

    This option is only available when the Authentication method for login is RADIUS or RADIUS+Local Users. This option is not selected by default.

  3. Click Update.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden