12 Aug
2014
12 Aug
'14
4:58 a.m.
The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel. You edited the "inner-tunnel" virtual server, and deleted "mschap" from it. Put it back.
I did have that in there but removed it trying to force it. I will change it back and play with it again tomorrow.
That still won't work, since the passwords are only available as MD5 hashes, which are incompatible with MSCHAPv2 (there is a nice overview on http://deployingradius.com/documents/protocols/compatibility.html). You have to change the settings of the client to use PAP as inner authentication protocol instead of MSCHAPv2. -- Herwin Weststrate