[RADIATOR] TTLS and AuthbyLSA

Johnson, Neil M neil-johnson at uiowa.edu
Mon Jan 10 09:48:42 CST 2011


Heikki,

TTLS-MSCHAPv2 works.

I was confused. I thought ttls-eap-mschapv2 was ttls-mschapv2.

Still, it would be nice to know why the inner identity is being found.

Thanks.

-Neil

-- 
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
neil-johnson at uiowa.edu 


> -----Original Message-----
> From: Heikki Vatiainen [mailto:hvn at open.com.au]
> Sent: Monday, January 10, 2011 9:26 AM
> To: Johnson, Neil M
> Cc: Mike McCauley; radiator at open.com.au
> Subject: Re: [RADIATOR] TTLS and AuthbyLSA
> 
> On 01/10/2011 05:02 PM, Johnson, Neil M wrote:
> > I'm using eapol_test from the wpa_supplicant sources.
> 
> Can you try MSCHAPv2 instead of EAP-MSCHAPv2? If plain MSCHAPv2 runs in
> the TLS tunnel, then the User-Name attribute should be there too.
> 
> Is there a specific reason why you are running EAP-MSCHAPv2?
> 
> > My config file is:
> > #
> > #   eapol_test -c ttls-eap-mschapv2.conf -a server -s secret
> > #
> > network={
> >         ssid="example"
> >         key_mgmt=WPA-EAP
> >         eap=TTLS
> >         identity="nmjoo"
> >         anonymous_identity="nmjoo"
> >         password="secret"
> >         phase2="autheap=MSCHAPv2"
> 
> phase2="auth=MSCHAPV2"
> 
> >         #
> >         #  Uncomment the following to perform server certificate validation.
> > #       ca_cert = /etc/raddb/certs/ca.der
> 
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
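
An added example, not part of the original thread and not code from Radiator or wpa_supplicant: a small Python check that reads a network block like the one quoted above and reports whether the TTLS inner method is plain MSCHAPv2 (`auth=`) or EAP-MSCHAPv2 (`autheap=`), along with two points a reviewer would raise about the block. The function names are hypothetical and the sample block is constructed from the quoted config, with a closing brace added.

```python
import re

# Constructed sample based on the network block quoted in the thread.
SAMPLE = '''
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="nmjoo"
        anonymous_identity="nmjoo"
        password="secret"
        phase2="autheap=MSCHAPv2"
#       ca_cert = /etc/raddb/certs/ca.der
}
'''

def parse_network(text):
    """Return key -> value for the uncommented key=value lines of a block."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line in ("network={", "}"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            fields[key.strip()] = value.strip().strip('"')
    return fields

def classify_inner(fields):
    """auth= selects a non-EAP inner method, autheap= a tunnelled EAP method."""
    if fields.get("eap", "").upper() != "TTLS":
        return "not TTLS"
    m = re.match(r"(autheap|auth)=(\S+)", fields.get("phase2", ""), re.I)
    if not m:
        return "TTLS, inner method not set"
    prefix = "EAP-" if m.group(1).lower() == "autheap" else ""
    return "TTLS-" + prefix + m.group(2).upper()

def findings(fields):
    """Configuration points worth raising before this block leaves the lab."""
    notes = []
    if "ca_cert" not in fields and "ca_path" not in fields:
        notes.append("server certificate is not validated")
    ident = fields.get("identity")
    # Without anonymous_identity the real identity is used as the outer one.
    if ident and fields.get("anonymous_identity", ident) == ident:
        notes.append("outer identity exposes the real user name")
    return notes
```
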

