Problem with MSCHAP
Mark Holmes
mark.holmes at nuffield.ox.ac.uk
Fri Oct 8 16:29:07 CEST 2010
All,
Many thanks for the replies.
> Firstly, don't set Auth-Type. It's almost always the wrong thing to do.
Sure - I set that just to test the AD auth was working, and removed it again prior to configuring mschap.
>EAP is a multi-pass protocol; there will be 4-8 requests, and the actual
>MS-CHAP failure will be somewhere in the middle, after the EAP-PEAP TLS
>tunnel is established, but before the failure is sent.
Ah - doh!.
I wasn't sure about posting the whole lot to this list as it runs to quite a few lines so posted it here
http://www.nuffield.ox.ac.uk/scratch/logfile.txt
Thanks,
Mark
More information about the Freeradius-Users
mailing list