PEAP/MSCHAPv2 - Host Account Authentication Only

Matthew Newton mcn4 at
Thu Apr 26 01:52:43 CEST 2012


On Wed, Apr 25, 2012 at 11:58:06PM +0100, alan buxey wrote:
> Matthew, I would say the check is a little sparse....and assumes

Yeah, good idea checking the RHS of the username - hadn't thought
of that (scuttles off to implement it :) )

> oh. actually, yes, you should ignore that i said add it to authorize..
> what you SHOULD do is add the check to policy.conf and then call that
> policy name in authorize.  ah, thats better, can sleep now! ;-)


I'm doing PEAP/EAP-TLS (PEAP for the SoH), and I run with my
check-eap-tls patch, so I can easily check username and cert
subject match, too. Gives more ways of verifying things look ok.



Matthew Newton, Ph.D. <mcn4 at>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list