On May 24, 2021, at 8:00 AM, manjunatha srinivasan <manjunathan.n@gmail.com> wrote:
Below is my-setup of testing EAP-FAST/EAP-MSCHAPv2 with cross-over cable connected between supplicant's client and hostapd/freeradius. Note, both hostapd and freeradius are running on host - Ubuntu 16.04. Also attached log of freeradius.
<wpa_supplicant(v2.9)<--->Authenticator(hostapd)<----->Authentication server(freeradius v3.0.15).
Perhaps try 3.0.22, which was just released. I don't think there's any changes related to FAST, but it can't hurt.
By the way, wpa_suppliant is not enabled for CONFIG_EAP_FAST support and default to gnuTLS. I have re-compiled it, to support openssl (1.1.0) and enabled EAP_FAST for testing.
The question is: I am successfully testing EAP-PEAP/EAP-MSCHAPv2 and EAP-TTLS/EAP-MSCHAPv2. But, fails in EAP-FAST/EAP-MSCHAPv2.
Please let me know if EAP-MSCHAPv2 is supported in freeradius with wpa_supplicant communication.
It should be,
Below is partial output where error occurs during inner tunnel authentication:
---------------- 7) mschap: Found Cleartext-Password, hashing to create NT-Password (7) mschap: Found Cleartext-Password, hashing to create LM-Password (7) mschap: Creating challenge hash with username: user2 (7) mschap: Client is using MS-CHAPv2
*(7) mschap: ERROR: MS-CHAP2-Response is incorrect*(7) [mschap] = reject
That seems pretty clear. The MS-CHAP code is used for *all* MS-CHAP calculations. So we know that it's correct. Maybe there's something odd in the EAP-FAST code. Alan DeKok.