<div class="gmail_quote">hello,<br><br>I am attempting to authenticate end-users via EAP-TTLS (with EAP-MD5) as the inner method.<br>I have noticed that the Access-Accept Message does NOT contain the right VSA attributes, nor the dynamic VLAN assignments.<br>
<br>Infact it would appear that the Microsoft MS-MPPE-Rec/Send Key attributes are sent back ?<br><br>Sending Access-Accept of id 6 to 172.23.35.62 port 62548<br> MS-MPPE-Recv-Key = 0x57718ff5e99e08f770ee3832bd9edf5cf3f010be6f9d200e86bb9afa55ca3c45<br>
MS-MPPE-Send-Key = 0x946a940cd99bb88a10de103fec50b1634f14869cc8f4da3788e099d5896cf272<br> EAP-Message = 0x03060004<br> Message-Authenticator = 0x00000000000000000000000000000000<br> User-Name = "data1"<br>
<br>Now what makes this really interesting if I change my client's authentication type to EAP-MD5 only the Radius Server Sends back an Access-Accept message with Vendor VSA's and the dynamic-VLAN assignments<br>(As per the screen capture below)<br>
<br>Sending Access-Accept of id 2 to 172.23.35.62 port 55033<br> Tunnel-Type:0 = VLAN<br> Tunnel-Medium-Type:0 = IEEE-802<br> Tunnel-Private-Group-Id:0 = "4"<br> EAP-Message = 0x03020004<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> User-Name = "data1"<br><br>Please advise if I have configured something incorrectly ?<br>As everything works correctly for EAP-MD5, but not for EAP-TTLS (with EAP-MD5 inner authentication)<br>
<br>Attached are the full server debug trace for both scenarios.<br><br>thanks<br><br>Amit<br><br>NOTES:<br>- FreeRadius 2.1.10 (installed via the "yum install freeradius") command<br>- Platform Fedora Linux (v14)<br>
2.6.35.6-45.fc14.i686<br><br>- below is an excerpt of my users file for the user "data1"<br><br>data1 Cleartext-Password := "data1"<br> Tunnel-Type = VLAN,<br> Tunnel-Medium-Type = IEEE-802,<br>
Tunnel-Private-Group-Id = 4,<br>
</div><br>