Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?
Mak Moussa
mmoussa at mmoussa.com
Thu Oct 12 08:02:15 CEST 2006
Alan,
Thank you for the pointers to the source code.
My colleague Colus Tang was quick to dive into the code and had to patch 2
files: ttls.c and rlm_eap_ttls.c to change the behavior from eap_mschap to
eap_mschapv2.
He tested the patch successfully using v1.1.3 on Linux and both TTLS-mschap
and TTLS-mschav2 authentications worked fine.
I tested the patch using v1.1.2 on Freebsd 5.3 and got the same successful
authentications.
Please review the attached patch for any additional improvements as needed.
I am attaching two console outputs of 'radiusd -X' before and after the
patch to show the behavior differences.
Many thanks for the help.
Mak
-----Original Message-----
From: freeradius-users-bounces+mmoussa=mmoussa.com at lists.freeradius.org
[mailto:freeradius-users-bounces+mmoussa=mmoussa.com at lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Friday, October 06, 2006 6:18 AM
To: FreeRadius users mailing list
Subject: Re: Any luck with 802.1x authentication using TTLS with MSCHAPv2 ?
"Mak Moussa" <mmoussa at mmoussa.com> wrote:
> Would you still say that it is the ttls.c code, even though ttls w/mschap
> worked fine?
Yes.
> I am looking for a differentiator in the code between mschap and mschapv2,
Like the code I pointed you to?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 58159 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061011/f17c71e5/attachment.bin>
More information about the Freeradius-Users
mailing list