Support of MSCHAPV2 over EAP-TTLS

[awaneesh kumar <awaneeshkmr@yahoo.com>]

Hi All,

 

I am using Freeradius version 1.1.3 for EAP-TTLS testing. I am testing for EAP-TTLS with tunneled authentication type as MSCHAPV2.

I suspect it fails, bcos it sends back Access-Accept instead of sending back the MS-CHAP2-Success encrypted over TLS protocol. please find the trace below.

 

 

  Processing the authenticate section of radiusd.conf

modcall: entering group MS-CHAP for request 5

  rlm_mschap: Told to do MS-CHAPv2 for tls_user with NT-Password

rlm_mschap: adding MS-CHAPv2 MPPE keys

  modcall[authenticate]: module "mschap" returns ok for request 5

modcall: leaving group MS-CHAP (returns ok) for request 5

  TTLS: Got tunneled Access-Accept

  rlm_eap: Freeing handler

  modcall[authenticate]: module "eap" returns ok for request 5

modcall: leaving group authenticate (returns ok) for request 5

Sending Access-Accept of id 5 to 218.248.72.239 port 24208

        Framed-Protocol = PPP

        MS-MPPE-Recv-Key = 0x743666c3df3bcb2c33c6e8a1d42bda70dc9417671f812caca0bbf9ebf37a5a0f

        MS-MPPE-Send-Key = 0x18c4e67813c594ae18a1aeaf62443a46e380e16c6bdd4cfecbe57168424c53a2

        EAP-Message = 0x03060004

        Message-Authenticator = 0x00000000000000000000000000000000

        User-Name = "tls_user"

Finished request 5

 

Does this version of Freeradius supports MSCHAPV2 over EAP-TTLS? If yes, how to configure the same?

 

Thanks in advance

 

---

No need to miss a message. Get email on-the-go 
with Yahoo! Mail for Mobile. Get started.