MSCHAPV2 authenticate including the suffix

Dean Goldhill dgoldhill at netutils.com
Tue Jun 10 14:29:16 CEST 2014


Hello,

I have managed to get this working with TTLS & PEAP with EAP-MSCHAPV2.
But I still get rejected ([mschap] FAILED: MS-CHAP2-Response is incorrect) when using TTLS with MSCHAPV2.

That is to say, when using EAP-MSCHAPV2 (CHAP messages are encapsulated inside the EAP message), this works.
When using just MSCHAPV2 (CHAP messages are NOT encapsulated inside the EAP message), this does not work.

But, the same thing as before:
If the username does not have a suffix (user instead of user at domain) both in the SQL database and on the supplicant, then it also works with just MSCHAPV2 (CHAP messages are NOT encapsulated inside the EAP message).
As soon as I try to authenticate a user that has a suffix, they get rejected.


Can anyone suggest something to try?
Much appreciated.

Thanks


-----Original Message-----
From: Dean Goldhill 
Sent: 09 June 2014 18:03
To: 'FreeRadius users mailing list'
Subject: RE: MSCHAPV2 authenticate including the suffix

Thank you Alan,
This is now working with the same config after upgrading to version 2.2.5


-----Original Message-----
From: freeradius-users-bounces+dgoldhill=netutils.com at lists.freeradius.org [mailto:freeradius-users-bounces+dgoldhill=netutils.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 09 June 2014 14:26
To: FreeRadius users mailing list
Subject: Re: MSCHAPV2 authenticate including the suffix

Dean Goldhill wrote:
> When trying to authenticate, it says:
> 
> [mschap] ERROR: User-Name (user at domain.com) is not the same as MS-CHAP 
> Name (user) from EAP-MSCHAPv2.

  Use a recent version of the server.  That error has been changed to a warning.

  Alan DeKok.