PEAP with Freeradius 1.02 on Linux

[Stephen Donovan]

After much searching and trouble shooting tips from a couple of
members of this list. I eventully found a solution to my problem for
getting PEAP to work with Free-Radius.

An entry from my raddb/users file looked like this:

user User-Password == "user-pass", Called-Station-ID == "RSNA:SSID"
       	Tunnel-Private-Group-ID:1 = "WPATunnel"

This worked fine for TTLS mode but failed for PEAP. If I removed the
Called-Station-ID attribute then I was able to get PEAP to work, but I
wasn't able to match users to the SSID of the AP that they connected
to.

The final solution that I came up with that seems to work correctly
was to modify the peap section in raddb/eap.conf

peap {
			#  The tunneled EAP session needs a default
			#  EAP type which is separate from the one for
			#  the non-tunneled EAP module.  Inside of the
			#  PEAP tunnel, we recommend using MS-CHAPv2,
			#  as that is the default type supported by
			#  Windows clients.
			default_eap_type = mschapv2
			copy_request_to_tunnel = yes
			use_tunneled_reply = yes
		}

After I made this change everything appears to work as expected.

Stephen Donovan

On 6/1/05, Stephen Donovan <stephen.donovan at gmail.com> wrote:
> Hello All
> 
> I have spent the morning looking for a solution to this problem, but I
> have been unable to find a solution.
> 
> I am trying to use both PEAP and TTLS to authenticate a mobile device
> through an Access Point to my radius server. Using TTLS everything
> works fine, however I can not get it to work using PEAP. I am using
> Windows 2000 with Funk's Odyssey Client as my supplicant. I am not
> using certificates on the mobile and I have placed the user
> information in the users file. I am seeing similar behaviour with PEAP
> using Windows XP and the built in supplicant.
> 
> Thanks
> Stephen Donovan
> 
> I have attached the debug logs from starting Freeradius with radiusd
> -X -A. If any one could suggest anything it would be greatly
> appreciated.
> 
> 
>