Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?

Mak Moussa mmoussa at mmoussa.com
Fri Oct 6 01:52:03 CEST 2006


Wanted to confirm that ttls w/mschapv2 didn't work in any of the test
scenarios outlined earlier.
Thanks.. I will look closely into that function in ttls.c

Would you still say that it is the ttls.c code, even though ttls w/mschap
worked fine?
I am looking for a differentiator in the code between mschap and mschapv2,
as the client didn't seem to accept the mppe keys iin the case of mschapv2
and claimed it had no PMK.

Thx
Mak
-----Original Message-----
From: freeradius-users-bounces+mmoussa=mmoussa.com at lists.freeradius.org
[mailto:freeradius-users-bounces+mmoussa=mmoussa.com at lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Thursday, October 05, 2006 3:06 PM
To: FreeRadius users mailing list
Subject: Re: Any luck with 802.1x authentication using TTLS with MSCHAPv2 ? 

"Mak Moussa" <mmoussa at mmoussa.com> wrote:
> Thank you for the quick reply. Indeed, on WinXP I was using the Funk
> Odyssey client as it offered a good debug log.

  Ok...

> However, I tested using different supplicants like IntelPROSet on WinXP
> and the OSX 10.4 built-in supplicant with consistent results.

  i.e. it doesn't work, either?

  It looks like it may be an issue with FreeRADIUS.  See
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c, function
process_reply().  Poke that code, and see if it helps...

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list