MS-CHAP2-Request is rejected
william steen
wjsteen at talktalk.net
Wed May 22 16:22:04 CEST 2019
Alan
Many thanks for explaining this to me. I need to have another go at the device maker who claim WPA2 Enterprise WiFi support - the error on the device was EAPOL_KEY_FAILURE - which is from the WICED software stack and not well explained!
Regards
William Steen
wjsteen at talktalk.net
> On 21 May 2019, at 23:10, Alan DeKok <aland at deployingradius.com> wrote:
>
> On May 21, 2019, at 3:33 PM, william steen via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> Thank you for the observations. Mea cupla - the password was wrong. Having corrected that I am getting a WICED 1064 error back on the device which I believe means EAPOL_KEY_FAILURE. I am really struggling the read the full debug and understand why it is not working. I can’t see anything in the output that says it is not working in fact I see at the end SUCCESS - so is this a device issue?
>
> You see MS-CHAP success, but the client doesn't send any more packets. Which means that the device doesn't like the MS-CHAP success, and has dropped the authentication session.
>
> It's hard to understand why it's not working from the debug log. Because the error messages are on the device, and not in the debug log. The only signal that's in the debug log is the *absence* of continued packets from the device.
>
> Which then means that the device didn't like *something* about the exchange. Since the last packet was sending MS-CHAP success, it means that the device didn't like the MS-CHAP success.
>
> Why? Magic. The error message is buried in the device. And Microsoft is very good about giving the user *zero* useful information.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list