PEAP with Freeradius 1.02 on Linux
stephen.donovan at gmail.com
Fri Jun 3 14:49:11 CEST 2005
After much searching and trouble shooting tips from a couple of
members of this list. I eventully found a solution to my problem for
getting PEAP to work with Free-Radius.
An entry from my raddb/users file looked like this:
user User-Password == "user-pass", Called-Station-ID == "RSNA:SSID"
Tunnel-Private-Group-ID:1 = "WPATunnel"
This worked fine for TTLS mode but failed for PEAP. If I removed the
Called-Station-ID attribute then I was able to get PEAP to work, but I
wasn't able to match users to the SSID of the AP that they connected
The final solution that I came up with that seems to work correctly
was to modify the peap section in raddb/eap.conf
# The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
# PEAP tunnel, we recommend using MS-CHAPv2,
# as that is the default type supported by
# Windows clients.
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
After I made this change everything appears to work as expected.
On 6/1/05, Stephen Donovan <stephen.donovan at gmail.com> wrote:
> Hello All
> I have spent the morning looking for a solution to this problem, but I
> have been unable to find a solution.
> I am trying to use both PEAP and TTLS to authenticate a mobile device
> through an Access Point to my radius server. Using TTLS everything
> works fine, however I can not get it to work using PEAP. I am using
> Windows 2000 with Funk's Odyssey Client as my supplicant. I am not
> using certificates on the mobile and I have placed the user
> information in the users file. I am seeing similar behaviour with PEAP
> using Windows XP and the built in supplicant.
> Stephen Donovan
> I have attached the debug logs from starting Freeradius with radiusd
> -X -A. If any one could suggest anything it would be greatly
More information about the Freeradius-Users