Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?
Mak Moussa
mmoussa at mmoussa.com
Thu Oct 5 22:57:57 CEST 2006
Dear Alan,
Thank you for the quick reply. Indeed, on WinXP I was using the Funk
Odyssey client as it offered a good debug log.
However, I tested using different supplicants like IntelPROSet on WinXP
and the OSX 10.4 built-in supplicant with consistent results.
I even tried a LinkSys WAP54G Fat AP firmware v3.04, as well as the
Aruba switch with its thin AP with no difference in the results.
I would certainly appreciate any tips on the possible workarounds you
mentioned.
Thx
Mak
-----Original Message-----
From: freeradius-users-bounces+mmoussa=mmoussa.com at lists.freeradius.org
[mailto:freeradius-users-bounces+mmoussa=mmoussa.com at lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Thursday, October 05, 2006 8:05 AM
To: FreeRadius users mailing list
Subject: Re: Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?
"Mak Moussa" <mmoussa at mmoussa.com> wrote:
> I would appreciate any insight into the 802.1x authentication using TTLS
> with MSCHAPv2. Such auth scheme is constantly failing in my wireless setup
> with FreeRadius. I tried 3 versions v1.0.5, v1.1.2 and v1.1.3 with not
much
> luck.
OK...
> The following authentication schemes worked fine:
> 1. TTLS w/ MSCHAP from my wireless client to freeradius v1.0.5, v1.1.2,
> v1.1.3
> 2. PEAP w/ MSCHAPv2 with same wireless client to same freeradius versions.
> 3. TTLS w/ MSCHAPv2 from the same wireless setup to an SBR v5.3
OK.
> If I made a freeradius configuration mistake, TTLS with mschap wouldn't
> work.
Hmm... it may be that the MSCHAPv2 support in the TTLS code needs
work. I haven't looked at it recently, but I do recall some
work-arounds..
Which client are you using? It looks like Windows, but Windows
doesn't support TTLS natively, so you're obviously doing something
special.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list