AW: mschap/peap question

Wegener, Norbert Norbert.Wegener at
Fri Jul 2 18:51:03 CEST 2010

Using the users file it works. So samba can be blamed even in the current version 3.4.7 :-(

With best regards,
Norbert Wegener
Siemens AG
Siemens IT Solutions and Services
Bruchstraße 5
45883 Gelsenkirchen, Germany
Tel.: +49 (209) 94565716
Fax: +49 (201) 8165581284
mailto:norbert.wegener at

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme; Managing Board: Peter Loescher, Chairman, President and Chief Executive Officer; Wolfgang Dehen, Heinrich Hiesinger, Joe Kaeser, Barbara Kux, Hermann Requardt, Siegfried Russwurm, Peter Y. Solmssen; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
Von: at [ at] im Auftrag von Alan DeKok [aland at]
Gesendet: Freitag, 2. Juli 2010 17:23
An: FreeRadius users mailing list
Betreff: Re: mschap/peap question

Wegener, Norbert wrote:
> With 2.1.8 and the configuration from
> I want to test a radius configuration. The linux server running radius is member
> of the AD domain, mschap succeeds but finally the authentication fails.
> freeradius sends Challenges to which eapol_test will not respond.
> This should not be the behaviour mentioned in eap.conf regarding windows compatibility
> as eapol_test says:
> ...
> EAP-MSCHAPV2: RX identifier 11 mschapv2_id 10
> EAP-MSCHAPV2: Received success
> EAP-MSCHAPV2: Invalid authenticator response in success request
> EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> and finally fails.

  If you're running Samba... it's a Samba bug.

  Like most of these issues, try it with a test user && password in the
"users" file.  If it works there, but not when Samba is used: blame Samba.

  See eap.conf in 2.1.8 for pointers to the bug URL.

  Alan DeKok.
List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list