• SonicOS and SonicOSX 7 Users
• Configuring Users Status
  • Logging Out Users
    • Logging Out a Single User
    • Logging Out Multiple Users
  • Displaying Inactive Users
  • Displaying Unauthenticated Users
  • Displaying the User Count
  • Refreshing the Users List
• Configuring User Settings
  • User Login Settings
    • Setting the Authentication Method for Login
    • Setting the Single-Sign-On Methods
    • Requiring User Names be Treated as Case-Sensitive
    • Preventing Users From Logging in from More than One Location
    • Forcing Users to Log In Immediately After Changing Their Passwords
    • Displaying User Login Information Since the Last Login
  • One-Time Password Settings
  • Configuring the User Web Login Settings
    • Setting the Timeout for the Authentication Page
    • Setting How the Browser is Redirected
    • Managing Redirections to the Login Page
    • Using a CHAP challenge to Authenticate Users
    • Redirecting Unauthenticated Users
    • Adding URLs to Authentication Bypass
  • User Session Settings
    • User Session Settings for SSO-Authenticated Users
    • User Session Settings for Web Login
  • Accounting
    • Configuring RADIUS Accounting
      • Sending RADIUS Accounting Information to Servers
      • Configuring User Accounting
      • Testing RADIUS Accounting
      • Editing RADIUS Servers
      • Deleting RADIUS Servers
    • Configuring TACACS+ Accounting
• Configuring and Managing Partitions
  • Authentication Partitioning Settings
  • Authentication Partitions
    • Adding Partitions and Subpartitions
    • Deleting Partitions and Subpartitions
      • Deleting All Partitions
      • Deleting Multiple Partitions
      • Deleting a Single Partition
  • Assigning Servers, Agents, and Clients
    • Manually Assigning Servers, Agents, and Clients
    • Automatically Assigning Servers, Agents, and Clients
  • Editing Partitions
• Configuring Guest Services
  • Adding Guest Profiles
  • Editing Guest Profiles
  • Deleting Guest Profiles
• Configuring Guest Accounts
  • Adding Guest Accounts
  • Editing Guest Accounts
  • Deleting Guest Accounts
    • Deleting a Guest Account
    • Deleting Multiple Guest Accounts
    • Deleting All Guest Accounts
  • Managing Guest Status
    • Logging Out Guests
    • Logging Out All Guests
• Configuring Local Users and Groups
  • About Authentication and Passwords
    • Using Two-Factor Authentication
    • Enforcing First Login Password Change
  • Configuring Local Users
    • Quota Control for all Users
    • Viewing Local Users
    • Adding Local Users
      • Configuring Local Users Settings
      • Configuring Local Users Groups
      • Configuring Local Users VPN Access
      • Configuring Local Users User Quota
    • Editing Local Users
  • Configuring Local Groups
    • Adding Local Groups
      • Configuring Local Groups Settings
      • Configuring Local Group Settings Members
      • Configuring Local Group Settings VPN Access
      • Configuring Local Group Settings Administration
    • Editing Local Groups
• SonicWall Support
  • About This Document

Using a CHAP challenge to Authenticate Users

If using RADIUS authentication (and if the RADIUS server supports it), a CHAP challenge can be used to authenticate users during web login. Such a login through HTTP is secure, so it is not necessary to enforce HTTPS for login.

Administrators who use this mechanism to log into the SonicWall appliance are restricted in the management operations they can perform. For some management operations, the appliance needs to know the user’s password, which is not available with CHAP authentication by a remote authentication server. Consequently, if this option is enabled, users who are members of administrative user groups might have to log in manually through HTTPS when logging in for administration. This restriction does not apply to the built-in admin account.

When using LDAP, this mechanism can be used normally by:

• Setting the Authentication method for login to RADIUS.
• Selecting LDAP as the mechanism for setting user group memberships in the RADIUS configuration.

To use a CHAP challenge to authenticate users

1. Navigate to Users > Settings > Web Login.

2. Select Allow HTTP login with RADIUS CHAP mode to enable type of login.

   This option is only available when the Authentication method for login is RADIUS or RADIUS+Local Users. This option is not selected by default.

3. Click Update.