After much searching and trouble shooting tips from a couple of members of this list. I eventully found a solution to my problem for getting PEAP to work with Free-Radius. An entry from my raddb/users file looked like this: user User-Password == "user-pass", Called-Station-ID == "RSNA:SSID" Tunnel-Private-Group-ID:1 = "WPATunnel" This worked fine for TTLS mode but failed for PEAP. If I removed the Called-Station-ID attribute then I was able to get PEAP to work, but I wasn't able to match users to the SSID of the AP that they connected to. The final solution that I came up with that seems to work correctly was to modify the peap section in raddb/eap.conf peap { # The tunneled EAP session needs a default # EAP type which is separate from the one for # the non-tunneled EAP module. Inside of the # PEAP tunnel, we recommend using MS-CHAPv2, # as that is the default type supported by # Windows clients. default_eap_type = mschapv2 copy_request_to_tunnel = yes use_tunneled_reply = yes } After I made this change everything appears to work as expected. Stephen Donovan On 6/1/05, Stephen Donovan <stephen.donovan@gmail.com> wrote:
Hello All
I have spent the morning looking for a solution to this problem, but I have been unable to find a solution.
I am trying to use both PEAP and TTLS to authenticate a mobile device through an Access Point to my radius server. Using TTLS everything works fine, however I can not get it to work using PEAP. I am using Windows 2000 with Funk's Odyssey Client as my supplicant. I am not using certificates on the mobile and I have placed the user information in the users file. I am seeing similar behaviour with PEAP using Windows XP and the built in supplicant.
Thanks Stephen Donovan
I have attached the debug logs from starting Freeradius with radiusd -X -A. If any one could suggest anything it would be greatly appreciated.