MSCHAPV2 authenticate including the suffix
Alan DeKok
aland at deployingradius.com
Thu Jun 12 16:05:35 CEST 2014
Dean Goldhill wrote:
> I have attached 2 debug outputs,
> 1- using domain at user with TTLS & MSCHAPV2 (not EAP-MSCHAPV2) - does not work
> 2- using domain at user with TTLS & EAP-MSCHAPV2 - does work
>
> SO the issues is that when the username contains a suffix, using MSCHAPV2 (as opposed to EAP-MSCHAPV2) I get rejected.
What client are you using? My guess is that the client is putting one
user name into MS-CHAP, and a completely different one into EAP-MSCHAPv2.
FreeRADIUS works with TTLS + MSCHAPv2, and TTLS + EAP-MSCHAPv2. At
least for all clients I'm aware of.
Alan DeKok.
More information about the Freeradius-Users
mailing list