Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?

Mak Moussa mmoussa at
Fri Oct 6 01:52:03 CEST 2006

Wanted to confirm that ttls w/mschapv2 didn't work in any of the test
scenarios outlined earlier.
Thanks.. I will look closely into that function in ttls.c

Would you still say that it is the ttls.c code, even though ttls w/mschap
worked fine?
I am looking for a differentiator in the code between mschap and mschapv2,
as the client didn't seem to accept the mppe keys iin the case of mschapv2
and claimed it had no PMK.

-----Original Message-----
From: at
[ at]
On Behalf Of Alan DeKok
Sent: Thursday, October 05, 2006 3:06 PM
To: FreeRadius users mailing list
Subject: Re: Any luck with 802.1x authentication using TTLS with MSCHAPv2 ? 

"Mak Moussa" <mmoussa at> wrote:
> Thank you for the quick reply. Indeed, on WinXP I was using the Funk
> Odyssey client as it offered a good debug log.


> However, I tested using different supplicants like IntelPROSet on WinXP
> and the OSX 10.4 built-in supplicant with consistent results.

  i.e. it doesn't work, either?

  It looks like it may be an issue with FreeRADIUS.  See
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c, function
process_reply().  Poke that code, and see if it helps...

  Alan DeKok.
--       - The web site of the book - The blog
List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list