<div>I am doing IKEv2 EAP-MSCHAPv2 radius Passthrough. </div>
<div><br><br> </div>
<div class="gmail_quote">On Jan 18, 2008 1:43 AM, Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div class="Ih2E3d">indira kolli wrote:<br>> I finally got it working. I missed the reply to the second<br>> access-challenge.<br><br></div> How could you possibly miss that? If you're using a standard<br>
supplicant, that packet should be about 1/10 of a second after the first<br>one.<br>
<div class="Ih2E3d"><br>> One thing I am still not sure is about MPPE keys.<br>> For us we are using only EAP-MSCHAPv2 without peap.<br>> The authenticator needs the MPPE keys to authenticate the peer.<br>> But in the EAP-MSCAHPv2 Access-Challenge or Access-accept don't see the<br>
> keys. I see that the keys are generated for MSCHAPv2 but are<br>> deleted before the request is sent.<br><br></div> Perhaps you could try reading my messages. You were already told that<br>EAP-MSCHAPv2 does not generate the MPPE keys.<br>
<br> Even if you changed the server source code, the AP's wouldn't look for<br>the MPPE keys. Even if you fixed the AP's, the supplicants wouldn't use<br>encryption for the wireless links.<br><br> And you haven't said if you're using this for wireless or wired<br>
authentication.<br><br> I think you're really not clear on what you want to do, how the<br>equipment works, and how the protocols work. I suggest spending time<br>reading more AP documentation before asking EAP-MSCHAPv2 questions on<br>
this list. The problem is NOT EAP-MSCHAPv2. The problem is that you<br>don't know what's going on, and as a result, are expecting that<br>EAP-MSCHAPv2 do things it's not supposed to do. Trying to "Fix"<br>
EAP-MSCHAPv2 is a waste of time. Find out why your expectations are<br>wrong, and fix them.<br>
<div>
<div></div>
<div class="Wj3C7c"><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></div></div></blockquote>
</div><br>