Strange error in eapol_test

Phil Mayers p.mayers at
Wed Jan 18 15:55:00 CET 2012

On 17/01/12 16:24, Rui Ribeiro wrote:
> Hi list,
> Still setting up a freeradius for eduroam -- internally it is
> working fine EAP, TTLS and al, however when proxying/connecting to
> the eduroam, everything seems ok in freeradius logs, however,
> eapol_test finishes with an error (WARNING: PMK mismatch -- MPPE keys
> OK: 0 mismatch: 1 FAILURE).

I have seen this before, but I don't have the details to hand.

If I recall, I decided it's a bug in eapol_test related to calculating 
the MSCHAP response.

For usernames of the form "DOMAIN\user" all sides correctly removes the 
"DOMAIN\" before calculating the response.

For usernames of the form "user at domain", eapol_test seems to include the 
@domain when calculating the response.

At the server, it varies depending on whether you are using FreeRADIUS 
"internal" MSCHAP versus ntlm_auth.

Basically: ignore it. I think it's a bug in eapol_test.

More information about the Freeradius-Users mailing list