Connection Failure with PEAP0/1 with MSCHAPv2

Matthew Newton mcn at
Wed May 13 11:23:36 CEST 2020

On 13/05/2020 09:17, Ammann, Lukas wrote:
> If i disable certificate validation on Win, Ubuntu and Android, the devices connect successfully.

Not a good idea, but for testing things, OK.

> The embedded device (TI CC3100MOD) however, also has disabled certification validation, but is unable to connect to the server.

It doesn't get as far as checking any certificates.

> I post the debug log output from freeradius below, can someone explain here where is goes wrong based in the log info?

> (52) eap: Peer sent packet with method EAP Identity (1)
> (52) eap: Calling submodule eap_md5 to process data
> (52) eap_md5: Issuing MD5 Challenge


> (53) eap: Peer sent packet with method EAP NAK (3)
> (53) eap: Found mutually acceptable type PEAP (25)
> (53) eap: Calling submodule eap_peap to process data

Set the default EAP type to peap and you'll save one round trip.

> (54) eap: Peer sent packet with method EAP NAK (3)
> (54) eap: Peer NAK'd indicating it is not willing to continue
> (54) eap: Sending EAP Failure (code 4) ID 2 length 4

You need to look in the logs on the device to see why it's not willing 
to continue. It hasn't even got as far as exchanging certificates.


More information about the Freeradius-Users mailing list