EAP-MSChapv2 authentication

Alan DeKok aland at deployingradius.com
Tue Sep 12 22:11:34 CEST 2006


"Christopher, Paul" <Paul.Christopher at xerox.com> wrote:
> I have a device that uses EAP-MSCHAPv2 (without PEAP) for
> authentication. I am running freeRadius on Redhat. The device is plugged
> into a switch which sends the EAP request to the server. I am unable to
> get the device authenticated with the Radius server. In the users file
> should the Auth-type be local or MS-Chap?

  Neither.  Don't set Auth-Type at all.  The server WILL figure it out.

>  Should I be sending the authentication request to an NT domain or
> will the username and password in the user file be sufficient?

  Putting a username and password into the "users" file will be
sufficient.

#
bob	User-Password := "hello"

#

  EAP-MSCHAPv2 *will* work.  See:

http://deployingradius.com/documents/configuration/pap.html

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list