PEAP/mschapv2 fails first time

Alan DeKok aland at
Sat Jul 9 06:46:28 CEST 2005

"Graham, Robert" <rgraham at> wrote:
> I FINALLY got a user to authenicate against Active Directory via
> freeradius using PEAP and mschapv2. but I still have one issue.  When
> the user first logons, the authenication fails.  Approximately 60
> seconds later the client tries to re-authenicate and it is succesful. 
> The client (supplicant) is usingaegis client and both logon and desktop
> profiles are the same. Any ideas?

  The debug log, even though it's large, contains the answers.  Look
for words like "invalid", or "reject', or "fail".

> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack alert
>   eaptls_verify returned 4
>   eaptls_process returned 4
>   rlm_eap_peap: EAPTLS_OTHERS
>  rlm_eap: Handler failed in EAP/peap
>   rlm_eap: Failed in EAP select
>   modcall[authenticate]: module "eap" returns invalid for request 5
> modcall: group authenticate returns invalid for request 5
> auth: Failed to validate the user.

  That would seem to say that something went wrong.  It's not clear

  Alan DeKok.

More information about the Freeradius-Users mailing list