aland at deployingradius.com
Mon May 24 14:09:11 CEST 2021
On May 24, 2021, at 8:00 AM, manjunatha srinivasan <manjunathan.n at gmail.com> wrote:
> Below is my-setup of testing EAP-FAST/EAP-MSCHAPv2 with cross-over cable
> connected between supplicant's client and hostapd/freeradius. Note, both
> hostapd and freeradius are running on host - Ubuntu 16.04. Also attached
> log of freeradius.
> server(freeradius v3.0.15).
Perhaps try 3.0.22, which was just released. I don't think there's any changes related to FAST, but it can't hurt.
> By the way, wpa_suppliant is not enabled for CONFIG_EAP_FAST support and
> default to gnuTLS. I have re-compiled it, to support openssl (1.1.0) and
> enabled EAP_FAST for testing.
> The question is: I am successfully testing EAP-PEAP/EAP-MSCHAPv2 and
> EAP-TTLS/EAP-MSCHAPv2. But, fails in EAP-FAST/EAP-MSCHAPv2.
> Please let me know if EAP-MSCHAPv2 is supported in freeradius with
> wpa_supplicant communication.
It should be,
> Below is partial output where error occurs during inner tunnel
> 7) mschap: Found Cleartext-Password, hashing to create NT-Password
> (7) mschap: Found Cleartext-Password, hashing to create LM-Password
> (7) mschap: Creating challenge hash with username: user2
> (7) mschap: Client is using MS-CHAPv2
> *(7) mschap: ERROR: MS-CHAP2-Response is incorrect*(7) [mschap] = reject
That seems pretty clear. The MS-CHAP code is used for *all* MS-CHAP calculations. So we know that it's correct.
Maybe there's something odd in the EAP-FAST code.
More information about the Freeradius-Users