eap-mschapv2

indira kolli indkolli at gmail.com
Fri Jan 18 15:35:33 CET 2008


I am doing IKEv2 EAP-MSCHAPv2 radius Passthrough.



On Jan 18, 2008 1:43 AM, Alan DeKok <aland at deployingradius.com> wrote:

> indira kolli wrote:
> >      I finally got it working. I missed the reply to the second
> > access-challenge.
>
>  How could you possibly miss that?  If you're using a standard
> supplicant, that packet should be about 1/10 of a second after the first
> one.
>
> >    One thing I am still not sure is about MPPE keys.
> >  For us we are using only EAP-MSCHAPv2 without peap.
> >  The authenticator needs the MPPE keys to authenticate the peer.
> > But in the EAP-MSCAHPv2 Access-Challenge or Access-accept don't see the
> > keys. I see that the keys are generated for MSCHAPv2 but are
> > deleted before the request is sent.
>
>  Perhaps you could try reading my messages.  You were already told that
> EAP-MSCHAPv2 does not generate the MPPE keys.
>
>  Even if you changed the server source code, the AP's wouldn't look for
> the MPPE keys.  Even if you fixed the AP's, the supplicants wouldn't use
> encryption for the wireless links.
>
>  And you haven't said if you're using this for wireless or wired
> authentication.
>
>  I think you're really not clear on what you want to do, how the
> equipment works, and how the protocols work.  I suggest spending time
> reading more AP documentation before asking EAP-MSCHAPv2 questions on
> this list.  The problem is NOT EAP-MSCHAPv2.  The problem is that you
> don't know what's going on, and as a result, are expecting that
> EAP-MSCHAPv2 do things it's not supposed to do.  Trying to "Fix"
> EAP-MSCHAPv2 is a waste of time.  Find out why your expectations are
> wrong, and fix them.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080118/9f09b1ce/attachment.html>


More information about the Freeradius-Users mailing list