Strange error in eapol_test
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jan 18 15:55:00 CET 2012
On 17/01/12 16:24, Rui Ribeiro wrote:
>
> Hi list,
>
> Still setting up a freeradius for eduroam -- internally it is
> working fine EAP, TTLS and al, however when proxying/connecting to
> the eduroam, everything seems ok in freeradius logs, however,
> eapol_test finishes with an error (WARNING: PMK mismatch -- MPPE keys
> OK: 0 mismatch: 1 FAILURE).
I have seen this before, but I don't have the details to hand.
If I recall, I decided it's a bug in eapol_test related to calculating
the MSCHAP response.
For usernames of the form "DOMAIN\user" all sides correctly removes the
"DOMAIN\" before calculating the response.
For usernames of the form "user at domain", eapol_test seems to include the
@domain when calculating the response.
At the server, it varies depending on whether you are using FreeRADIUS
"internal" MSCHAP versus ntlm_auth.
Basically: ignore it. I think it's a bug in eapol_test.
More information about the Freeradius-Users
mailing list