PEAP/MSCHAPv2 failing with Windows 7
Phil Mayers
p.mayers at imperial.ac.uk
Tue May 10 16:32:50 CEST 2011
On 05/10/2011 03:00 PM, Garber, Neal wrote:
>> In the PEAP properties, EAP-MSCHAP v2, if you DISABLE
>> "automatically use my windows logon name and password" and instead
>> enter the credentials manually it works.
>
> Look at:
>
> http://freeradius.1045715.n5.nabble.com/MSCHAP-Authentication-Issue-td2785146.html
>
> to see if this is your problem (look at the table in the post). If
> so and you're running a version< 2.1.10, upgrade as this problem is
> fixed in 2.1.10..
One additional note: the fixes that went into 2.1.10 extract (verbatim)
the client username from the EAP-MSCHAPv2 response, and pass that
through to the rlm_mschap module as an extra attribute.
This won't work for the OP even under 2.1.10, because his Aruba kit is
terminating the PEAP, and then proxying the EAP-MSCHAPv2 as plain
MS-CHAPv2, so (as advised elsewhere) he'll still need to change that.
You're almost certainly right about the cause/fix.
More information about the Freeradius-Users
mailing list