Hi All,
 
I have been trying to configure PEAP with EAP -MD5 but i juat cannot get it to work.
 
TTLS with EAP -MD5 workes fine.
Also PEAP with Token card(gtc) and MSCHAPv2 works fine.
 
What I tried is...
1. When I comment out MSCHAPv2 in the eap.conf file and I try with the client being in PEAP EAP-MSCHAPv2, then I get a REJECT as below.
2.When I comment out MD5 in the eap.conf file and try with the client being in PEAP EAP MD5, then I get the same REJECT message as below
3. When I dont comment out MD5(MD5 is enabled) in the eap.conf file and try with the client being in PEAP EAP MD5, then I get the same REJECT message as below
 
In all the above three cases, I seem to be getting the same Reject message as below:
 
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "queenie", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> queenie
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 9 to 192.168.5.200 port 1024
        EAP-Message = 0x04090004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.5 seconds.
Cleaning up request 0 ID 1 with timestamp +79
Cleaning up request 1 ID 2 with timestamp +79
Cleaning up request 2 ID 3 with timestamp +79
Cleaning up request 3 ID 4 with timestamp +79
Waking up in 0.2 seconds.
Cleaning up request 4 ID 5 with timestamp +79
Cleaning up request 5 ID 6 with timestamp +79
Cleaning up request 6 ID 7 with timestamp +79
Cleaning up request 7 ID 8 with timestamp +79
Waking up in 1.0 seconds.
Cleaning up request 8 ID 9 with timestamp +79
Ready to process requests.
 
Is it possible that in the eap.conf file, the MD5 does not get enabled under PEAP? Cause MD5 does work fine with TTLS for me.
 
Pl help!
 
Regards,
Queenie