Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?

Mak Moussa mmoussa at
Thu Oct 5 22:57:57 CEST 2006

Dear Alan,

Thank you for the quick reply. Indeed, on WinXP I was using the Funk
Odyssey client as it offered a good debug log.
However, I tested using different supplicants like IntelPROSet on WinXP
and the OSX 10.4 built-in supplicant with consistent results.

I even tried a LinkSys WAP54G Fat AP firmware v3.04, as well as the
Aruba switch with its thin AP with no difference in the results.

I would certainly appreciate any tips on the possible workarounds you


-----Original Message-----
From: at
[ at]
On Behalf Of Alan DeKok
Sent: Thursday, October 05, 2006 8:05 AM
To: FreeRadius users mailing list
Subject: Re: Any luck with 802.1x authentication using TTLS with MSCHAPv2 ? 

"Mak Moussa" <mmoussa at> wrote:
> I would appreciate any insight into the 802.1x authentication using TTLS
> with MSCHAPv2. Such auth scheme is constantly failing in my wireless setup
> with FreeRadius. I tried 3 versions v1.0.5, v1.1.2 and v1.1.3 with not
> luck.


> The following authentication schemes worked fine:
> 1. TTLS w/ MSCHAP from my wireless client to freeradius v1.0.5, v1.1.2,
> v1.1.3
> 2. PEAP w/ MSCHAPv2 with same wireless client to same freeradius versions.
> 3. TTLS w/ MSCHAPv2 from the same wireless setup to an SBR v5.3


> If I made a freeradius configuration mistake, TTLS with mschap wouldn't
> work.

  Hmm... it may be that the MSCHAPv2 support in the TTLS code needs
work.  I haven't looked at it recently, but I do recall some

  Which client are you using?  It looks like Windows, but Windows
doesn't support TTLS natively, so you're obviously doing something

  Alan DeKok.
--       - The web site of the book - The blog

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list