LDAP PEAPv0/MSCHAPv2 Authentication

Nicholas Cappelletti nick at switchtower.org
Sun Aug 2 13:41:05 CEST 2009

I thought that was interesting also.  I did notice that.  When my laptop makes a request to the server, when I'm using the users file, it sends the PEAP request as expected.  When I enable LAP authentication/authorization, the default eap type is used instead.

I've read through other posts, concerning this matter, and it's suggest to leave the server as 'default' as possible, which I have done.

Would you, or anyone else, suggest changing the default eap type to peap then?

Ivan, I do, very much, appreciate your dedication to the alias and all the work you do on the freeradius project, it seems it's sometimes tireless. :)


----- Original Message -----
From: "Ivan Kalik" <tnt at kalik.net>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Sunday, August 2, 2009 3:32:03 AM GMT -05:00 US/Canada Eastern
Subject: Re: LDAP PEAPv0/MSCHAPv2 Authentication

 > Okay, 802.1x for wireless works great when I'm using the default config
> files.  I use the automatically generated cert and create a few users in
> the users config file.
> And here is is when I configure the modules/ldap.  This is with LDAP
> enabled for authentication in the sites-enabled/inner-tunnel with nothing
> else changed:
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled

Your server would disagree. It thinks that this is EAP-MD5, not PEAP request.

Ivan Kalik
Kalik Informatika ISP

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list