Authentication issues with Win7 and WPA/WPA2 Enterprise

Phil Mayers p.mayers at imperial.ac.uk
Wed May 18 19:29:54 CEST 2011


On 18/05/11 17:10, Gary Gatten wrote:
> I would LOVE if W7 just worked!  People here are blaming FR and I'm
> trying to convince them it has nothing to do with it, but since the
> MSCHAP challenges / responses are hashed I can't PROVE it to them.

As per previous posts:

Your Aruba wireless equipment is:

  a. Terminating the outer EAP-PEAP
  b. Translating the inner EAP-MSCHAPv2 to plain MS-CHAPv2

I strongly suspect this will be causing the problems you are having, and 
I even suspect I know how - I think it's probably clients typing in 
their username in mIxEd-CaSe, which will cause cryptographich (hash) 
mismatches at client and server without careful preservation of the EAP 
payload.

As per Neal Garber's post of 10th May, even FreeRADIUS had problems with 
this prior to 2.1.10

Are you / have you been able to:

  1. stop terminating the PEAP on the Aruba
  2. upgrade to FreeRADIUS 2.1.10

?



More information about the Freeradius-Users mailing list