Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?

[Mohammed Petiwala <mhpetiwala@yahoo.com>]

Hi Alan, Mak:
I tried the patch on both freeRADIUS 1.1.2 and freeRADIUS 1.1.3 - had seen similar problems with wpa-supplicant and freeRADIUS with EAP-TTLS/MS-CHAPv2 and hence had to enable wpa_workaround flag to get past the issue... (which was incorrect)

But Mak's patch resolves the issue and now I can get EAP-TTLS/MS-CHAPv2 to work successfully without the workaround. I would suggest this patch go in as high-priority fix as part of the next release as it resolves the existing issues with the inner phase-2 mschapv2.
Thx.

Regards,
Mohammed.

---

Mak Moussa mmoussa at mmoussa.com
Thu Oct 12 19:06:59 CEST 2006

• Previous message: Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?
• Next message: rewriting Frame-IP-Netmask
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks to Alan Buxey for reattaching the files in a tgz file.
Resending again.

Mak

-----Original Message-----
From: freeradius-users-bounces+mmoussa=mmoussa.com at lists.freeradius.org
[mailto:freeradius-users-bounces+mmoussa=mmoussa.com at lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Thursday, October 12, 2006 5:44 AM
To: FreeRadius users mailing list
Subject: Re: Any luck with 802.1x authentication using TTLS with MSCHAPv2 ? 

"Mak Moussa" <mmoussa at mmoussa.com> wrote:
> He tested the patch successfully using v1.1.3 on Linux and both
TTLS-mschap
> and TTLS-mschav2 authentications worked fine.
> I tested the patch using v1.1.2 on Freebsd 5.3 and got
 the same successful
> authentications.

  Great.

> Please review the attached patch for any additional improvements as
needed.

  Hmm...

> Content-Disposition: attachment;
> 	filename="winmail.dat"

  Could you attach the files in a *standard* format
(i.e. non-Outlook), or put them on a web page?

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog