Win XP with 802.1x PEAP (EAP-MSCHAP V2)

Reimer Karlsen-Masur, DFN-CERT karlsen-masur at
Fri Apr 27 10:03:52 CEST 2007

Hi Marc,

are you aware of

"PEAP authentication is not successful when you connect to a third-party
RADIUS server"

Maybe it is somehow related?

Other updates I installed on XP SP2 for WLAN 802.1x and PEAP/EAP-TLS are

Hotfix 917021 (Wireless Client Update)

Hotfix 893357 (WPA2 Update)

Marc Charbonneau wrote:
> Ok, I minted the Certificates/Keys with a CA running on a Windows 2003
> server and was able to get them into the PEM format.  The EAP.CONF was
> modified accordingly and RADIUSD is happy.  I am still able to
> authenticate with no problems with 802.1x PEAP (EAP-MSCHAP V2) when
> using Cisco's ADU configuration tool.  Still have problems when using
> the Windows XP supplicant.
> In trying to authenticate with the Windows XP supplicant, I can see from
> the logs that it's changing the password's 1st character to an "a".  If
> you look at the log data below, you'll see that the user account
> "UOHI-40615" being used to authenticate is failing because the password
> sent is "aassword2" instead of "password2".

Are you typing your username/password on demand or has XP earlier stored it
magically and is reusing this?

If the latter, have you once typed the wrong password and XP is remembering
the wrong password?

> Does anyone know how to fix this problem?
> I'm so close, please help me find the needle in the haystack.

Beste Gruesse / Kind Regards

Reimer Karlsen-Masur

Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH,, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5853 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the Freeradius-Users mailing list