Problem in PEAP authentication with SSID check

Alan DeKok aland at
Wed Apr 19 16:04:13 CEST 2006

Antonio Matera <antonio.matera at> wrote:
> I can't authenticate my client with PEAP when in the user I set the SSID 
> check.
> My user is the following:
> cn-test  Cisco-AVPair == "ssid=cn-test", User-Password == "ciao"

  The password checks are done *inside* of the TLS tunnel.  The
Cisco-AVPair attribure is sent *outside* of the tunnel.

  You're trying to check two independent things with one entry in the
"users" file.

> my PEAP configuration is:
> peap {
> 			 default_eap_type = mschapv2
> 		#	copy_request_to_tunnel = no

  Uncomment the last line and it will work.

  Alan DeKok.

More information about the Freeradius-Users mailing list