Hello Alan, I finally got it working. I missed the reply to the second access-challenge. One thing I am still not sure is about MPPE keys. For us we are using only EAP-MSCHAPv2 without peap. The authenticator needs the MPPE keys to authenticate the peer. But in the EAP-MSCAHPv2 Access-Challenge or Access-accept don't see the keys. I see that the keys are generated for MSCHAPv2 but are deleted before the request is sent. Help is very much appreciated. Thank you Indi On Jan 16, 2008 12:09 PM, Alan DeKok <aland@deployingradius.com> wrote:
indira kolli wrote:
What is the expected callflow for EAP-MSCAHPv2
Read the specification, or the source code.
Access-request Access-Challenge Access-request Access-Accept
Why am I getting Access-challenge again
You're not saying which supplicant you're using.
Let me guess: you're writing your own, and trying to debug it using FreeRADIUS. If that's true, I suggest that you go read the wpa_supplicant source code. It implements EAP-MSCHAPv2 correctly.
If you're not writing your own supplicant, then the server is working correctly. You may be surprised that more than one Access-Challenge is being sent, but that is the Way It Works. If you care to know why, go read the source code in rlm_eap_mschapv2.c
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html