mschap/peap question

Alan DeKok aland at
Fri Jul 2 17:23:58 CEST 2010

Wegener, Norbert wrote:
> With 2.1.8 and the configuration from
> I want to test a radius configuration. The linux server running radius is member 
> of the AD domain, mschap succeeds but finally the authentication fails.
> freeradius sends Challenges to which eapol_test will not respond. 
> This should not be the behaviour mentioned in eap.conf regarding windows compatibility
> as eapol_test says:
> ...
> EAP-MSCHAPV2: RX identifier 11 mschapv2_id 10
> EAP-MSCHAPV2: Received success
> EAP-MSCHAPV2: Invalid authenticator response in success request
> EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> and finally fails.

  If you're running Samba... it's a Samba bug.

  Like most of these issues, try it with a test user && password in the
"users" file.  If it works there, but not when Samba is used: blame Samba.

  See eap.conf in 2.1.8 for pointers to the bug URL.

  Alan DeKok.

More information about the Freeradius-Users mailing list