eap-mschapv2

Alan DeKok aland at deployingradius.com
Fri Jan 18 07:43:37 CET 2008


indira kolli wrote:
>      I finally got it working. I missed the reply to the second
> access-challenge.

  How could you possibly miss that?  If you're using a standard
supplicant, that packet should be about 1/10 of a second after the first
one.

>    One thing I am still not sure is about MPPE keys.
>  For us we are using only EAP-MSCHAPv2 without peap.
>  The authenticator needs the MPPE keys to authenticate the peer.
> But in the EAP-MSCAHPv2 Access-Challenge or Access-accept don't see the
> keys. I see that the keys are generated for MSCHAPv2 but are
> deleted before the request is sent.

  Perhaps you could try reading my messages.  You were already told that
EAP-MSCHAPv2 does not generate the MPPE keys.

  Even if you changed the server source code, the AP's wouldn't look for
the MPPE keys.  Even if you fixed the AP's, the supplicants wouldn't use
encryption for the wireless links.

  And you haven't said if you're using this for wireless or wired
authentication.

  I think you're really not clear on what you want to do, how the
equipment works, and how the protocols work.  I suggest spending time
reading more AP documentation before asking EAP-MSCHAPv2 questions on
this list.  The problem is NOT EAP-MSCHAPv2.  The problem is that you
don't know what's going on, and as a result, are expecting that
EAP-MSCHAPv2 do things it's not supposed to do.  Trying to "Fix"
EAP-MSCHAPv2 is a waste of time.  Find out why your expectations are
wrong, and fix them.

  Alan DeKok.



More information about the Freeradius-Users mailing list