(RADIATOR) Re: PEAP-MSCHAPv2 works, but not TTLS-MSCHAPv2

Hugh Irvine hugh at open.com.au
Fri Mar 17 16:17:38 CST 2006


Hello Nacho -

Can you please tell me what version of Radiator you are running?

The latest version is Radiator 3.14 (plus patches).

Can you also please tell me what hardware/software platform you are  
using and what version of Perl?

regards

Hugh


On 18 Mar 2006, at 04:15, Nacho Paredes wrote:

>
> Another try:
>
> Hello,
>
> I sent this message some days ago, but it seems it didn't arrive at the list.
> Excuse any inconvenience.
>
> We have a Radiator system to authenticate wireless 802.1x.
> We have tested different configurations and EAP methods and everything
> worked fine, except TTLS-MSCHAPv2. We find it a bit weird because we have
> no problems with TTLS-MSCHAP or PEAP-MSCHAPv2.
>
> We don't do any rewrite of the inner User-Name. We configure the supplicant
> with exactly the same user name that is stored in the database
> (user at wifi).
> We use the User-Name anonymous for the outer User-Name. Every AccessPoint
> has defined DefaultRealm=wifi, so we can use this handler:
>
> <Handler Realm=wifi>
>         RewriteUsername s/^([^@]+).*/$1/
>         AuthBy OuterAuthentication
> </Handler>
>
> Since the rewrite is done over the outer User-Name, I guess it doesn't
> affect the MSCHAP-v2 process.
>
> I enclosed the Radiator configuration and log files for:
> PEAP with MSCHAPv2 (accepted)
> TTLS with MSCHAP (accepted)
> TTLS with MSCHAPv2 (rejected)
>
> The only change we make to use MSCHAP or MSCHAPv2 is modifying the EAPType
> parameter.
>
> Any help will be appreciated.
>
> Regards
> <LOG-TTLS MSCHAP (accept).txt>
> <LOG-TTLS MSCHAPv2 (reject).txt>
> <radius-config.txt>
> <LOG-PEAP MSCHAPV2 (accept).txt>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
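
An added example, not part of the original thread and not Radiator's own code: it applies the `RewriteUsername` expression from the quoted handler to the two names mentioned, and computes the RFC 2759 `ChallengeHash`, which (unlike the MS-CHAP v1 response) includes the user name, so a server must hash the same name string the supplicant used. The challenge values are constructed and the function names are hypothetical; it shows the dependency and does not diagnose the rejection reported above.

```python
import hashlib
import re

# The expression from the quoted <Handler Realm=wifi>: s/^([^@]+).*/$1/
REWRITE = re.compile(r"^([^@]+).*")


def rewrite_username(name: str) -> str:
    """Keep everything before the first '@', as the handler's rewrite does."""
    return REWRITE.sub(r"\1", name, count=1)


def challenge_hash(peer: bytes, auth: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || auth || UserName)."""
    if len(peer) != 16 or len(auth) != 16:
        raise ValueError("peer and authenticator challenges must be 16 octets")
    return hashlib.sha1(peer + auth + username.encode("ascii")).digest()[:8]


def rewrite_breaks_mschapv2(name: str, peer: bytes, auth: bytes) -> bool:
    """True if hashing the rewritten name gives a different 8-octet challenge
    than hashing the name exactly as the supplicant sent it."""
    return challenge_hash(peer, auth, name) != challenge_hash(
        peer, auth, rewrite_username(name)
    )


if __name__ == "__main__":
    # Constructed challenge values, for illustration only.
    peer = bytes(range(16))
    auth = bytes(range(16, 32))
    for name in ("anonymous", "user@wifi"):
        stripped = rewrite_username(name)
        print(
            f"{name!r} -> {stripped!r}  "
            f"as-sent={challenge_hash(peer, auth, name).hex()}  "
            f"rewritten={challenge_hash(peer, auth, stripped).hex()}  "
            f"mismatch={rewrite_breaks_mschapv2(name, peer, auth)}"
        )
```

The outer name `anonymous` passes through the rewrite unchanged; a name carrying a realm does not, and only MS-CHAP v2 is sensitive to that difference.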

