Unable to decipher what's coming back via a PEAP tunnel

Joe Garcia joe27256 at gmail.com
Fri Jan 10 09:22:39 CET 2020

I'm working with a third-party app that authenticates to a FreeRADIUS server
via MSCHAPv2 over PEAP and need up update a few parts of it, but I can't
figure out what FreeRADIUS is sending over the PEAP tunnel when it's not
sending MSCHAPv2 data.  The current code doesn't try and break down the
messages, possibly because my predecessor also couldn't figure out what they
were, but there's now a requirement to do this.

The initial Identity Request sent by FreeRADIUS over the PEAP tunnel is:

  01       // Identity-Request
  06       // ?
  00 05    // length = 5
  01       // ?

The Identity Request sent by FreeRADIUS over the PEAP tunnel in response to an
incorrect identity in the MSCHAPv2 process, i.e. what you get instead of an
MSCHAPv2 response, is:

  01       // Identity-Request
  08       // ?
  00 0B    // length = 11
  21 80 03 00 02 00 02 // ?

Problem is I can't translate these messages into anything useful (the field
names I've used above are guesswork), this doesn't correspond to any message
format that I can identify, RADIUS, EAP, DIAMETER, PEAP, there are bits and
pieces in there that could correspond to various things like EAP and RADIUS,
and the byte string starting 0x21 could be a MS-Authentication-TLV but what
follows doesn't match draft-hiller-eap-tlv-01.txt, and it also doesn't work as
an EAP-Request, also 0x21.

Can anyone tell me what format this is?


More information about the Freeradius-Users mailing list