Help: EAP-FAST/EAP-MSCHAPv2

manjunatha srinivasan manjunathan.n at gmail.com
Tue May 25 02:14:22 CEST 2021


Hi Alan

Thanks for your reply. Previously I was compiling 3.0.22 with the gcc 5.4
compiler where I am facing
compilation issues. Can you confirm from my attached EAP-FAST-error.log, Is
that configuration
changes are okay? I am using the user mentioned in file
'/etc/freeradius/users' and also password is the same as in
wpa_supplicant.conf.
--
 error: static declaration of ‘ASN1_STRING_get0_data’ follows non-static
declaration
 static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING
*x)
--
Regards
Manjunatha Srinivasan N


On Mon, 24 May 2021 at 17:39, Alan DeKok <aland at deployingradius.com> wrote:

> On May 24, 2021, at 8:00 AM, manjunatha srinivasan <
> manjunathan.n at gmail.com> wrote:
> > Below is my-setup of testing EAP-FAST/EAP-MSCHAPv2 with cross-over cable
> > connected between  supplicant's client and hostapd/freeradius. Note,
> both
> > hostapd and freeradius are running on host - Ubuntu 16.04. Also attached
> > log of freeradius.
> >
> > <wpa_supplicant(v2.9)<--->Authenticator(hostapd)<----->Authentication
> > server(freeradius v3.0.15).
>
>   Perhaps try 3.0.22, which was just released.  I don't think there's any
> changes related to FAST, but it can't hurt.
>
> > By the way, wpa_suppliant is not enabled for CONFIG_EAP_FAST support and
> > default to gnuTLS.  I have re-compiled it, to support openssl (1.1.0) and
> > enabled EAP_FAST for testing.
> >
> > The question is: I am successfully testing EAP-PEAP/EAP-MSCHAPv2 and
> > EAP-TTLS/EAP-MSCHAPv2. But, fails in EAP-FAST/EAP-MSCHAPv2.
> >
> > Please let me know if EAP-MSCHAPv2 is supported in freeradius with
> > wpa_supplicant communication.
>
>   It should be,
>
> > Below is partial output where error occurs during inner tunnel
> > authentication:
> >
> > ----------------
> > 7) mschap: Found Cleartext-Password, hashing to create NT-Password
> > (7) mschap: Found Cleartext-Password, hashing to create LM-Password
> > (7) mschap: Creating challenge hash with username: user2
> > (7) mschap: Client is using MS-CHAPv2
> >
> > *(7) mschap: ERROR: MS-CHAP2-Response is incorrect*(7) [mschap] = reject
>
>   That seems pretty clear.  The MS-CHAP code is used for *all* MS-CHAP
> calculations.  So we know that it's correct.
>
>   Maybe there's something odd in the EAP-FAST code.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list