On Oct 27, 2016, at 6:49 AM, Marlen Caemmerer <caemmerer@ash-berlin.eu> wrote:
I upgraded to 3.0.12 and got debug output as attached.
It seems strange that Windows 8 and 10 are able to connect while MacOS and Linux aren't.
As far as I understand MacOS tries to use MS-CHAPv2 and this does not seem to work.
It seems my perl auth script does not get a password through while using mschapv2.
Because MS-CHAPv2 doesn't supply a password. The simple answer is that you should give the password to FreeRADIUS, and let FreeRADIUS authenticate the user. You shouldn't write a Perl script to do the authentication.
The perl script is for a custom type of authentication only.
It will only work for PAP authentication.
I have difficulties understanding what inner and outer identity are. Do you have a good hint on what to read to fully understand this?
In short, EAP-TTLS and PEAP set up a TLS connection between the PC and the RADIUS server. Authentication normally requires a name, so that is the "outer' one. When the TLS session is set up, the *real* name and password are sent inside of the TLS connection. That is the "inner" identity. Alan DeKok.