freeradius with TTLS - MSCHAPV2 authentication

A.L.M.Buxey at A.L.M.Buxey at
Thu May 18 13:45:32 CEST 2006


> Im using the D-Link client card with the odyssey client manager.
> Im trying to connect to the wlan configured with 802.1x authetication & the
> radius server used for authetication is freeradius-1.1.1.
> Eap-Type : TTLS
> Auth-Type : MS-CHAPV2
> When the MU sends an access request, the radius server replies back with
> the  Access-Reject code ( 3 ). Im not able to figure out what the problem
> is.. ??
> Does the freeradius support this eap & auth types ??
> Note : Im using the default eap.conf file with smaller changes. Like default
> eap type is changed to TTLS. And default auth type for TTLS is mschapv2.
> Please let me know if you have any idea.

yes. FreeRADIUS happily does EAP-TTLS with MS-CHAPv2 - but what are you doing the
authentication against in this instance? to successfully use the resulting
NTLM queries you need to configure the ntlm_auth section of radius configs
and make sure that you are happily talking to the authentication
use winbindd with a SAMBA that is bound to your AD. 

otherwise you are sending password requests etc to your FR which it cannot deal
with. as soon as you move to MS-CHAPv2 etc you can no longer use User-Passwords
or Crypt-Passwords etc in plain files or SQLs.

PS this is a freeradius-user question, not a freeradius-developer question


More information about the Freeradius-Devel mailing list