But why

Alan Buxey alan.buxey at gmail.com
Wed Oct 2 19:48:36 CEST 2019


hi,

> > Wed Oct  2 17:57:23 2019 : Debug: (10) eap: Peer sent packet with method
> > EAP NAK (3)

client didnt like what was offered

> > Wed Oct  2 17:57:23 2019 : Debug: (10) eap: Found mutually acceptable type
> > MSCHAPv2 (26)
> > Wed Oct  2 17:57:23 2019 : Debug: (10) eap: Calling submodule eap_mschapv2

but was happy to do eap_mschapv2

given your default peap method is gtc, that was what probably caused
the NAK in the tiny snippet
of logs you provided

> Pretty much standard. I expect TTLS + PAP, not MSCHAPv2
>
> Is this a normal outcome?
> Why iOS doesn't try PAP?

because 'clients' - was this client configured by a profile or was it
configured by hand or was it configured
by just trying to join the SSID?

> Having a User-Password attribute doesn't serve as a hint for the server
> when looking for a mutually acceptable type?

it could do - but you havent provided any config or full debug output
so i couldnt say how your server is configured.

alan


More information about the Freeradius-Users mailing list