[RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2

Heikki Vatiainen hvn at open.com.au
Tue Apr 17 16:37:49 CDT 2012


On 04/17/2012 01:29 PM, Sudhir Harwalkar wrote:
> 
> Because previously it was working fine without any modification from the client side, is the modification in EAP_43.pm affecting authentication?
> From the client log it's failing after username and Pw. See the screenshot of the client log.

The change in EAP_43.pm does one thing. If Server-Unauthenticated
provisioning is done, instead of requiring just one ciphersuite
(TLS_DH_anon_WITH_AES_128_CBC_SHA), the mode is entered when this
ciphersuite is present, possibly with other suites. One such suite is
TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746.

If you want to go back to the old EAP_43.pm, just take it from the Radiator
distribution and copy it over any existing EAP_43.pm you have on your
system.

The PAC provisioning is not affected and using SQL (SQLite in your case)
for storing the PAC does not change how it is generated and provisioned.

You should experiment with your client and see its logs for why it does
not work. The configuration I returned to you was working and tested
fine here.

Thanks!
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
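
The ciphersuite check described in the message above, as an added example that is not part of the original post and is not Radiator's EAP_43.pm code: it parses the cipher_suites list out of a TLS ClientHello and compares the exact-match rule with the "present, possibly with other suites" rule. The function names and the sample ClientHello bytes are constructed for illustration; the two suite values are the registered ones.

```python
import struct

TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034   # anonymous DH suite named in the post
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF  # RFC 5746 signalling value

def client_hello_suites(handshake):
    """Return the cipher suite IDs offered in a TLS ClientHello handshake message."""
    if len(handshake) < 4 or handshake[0] != 0x01:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                              # skip client_version and random
    if pos >= len(body):
        raise ValueError("missing session_id")
    pos += 1 + body[pos]                      # skip session_id
    if pos + 2 > len(body):
        raise ValueError("missing cipher_suites")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    return list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos))

def strict_anon_only(suites):
    """Exact-match rule: the client offers the anonymous DH suite and nothing else."""
    return suites == [TLS_DH_ANON_WITH_AES_128_CBC_SHA]

def anon_present(suites):
    """Relaxed rule: the anonymous DH suite is offered, possibly with other suites."""
    return TLS_DH_ANON_WITH_AES_128_CBC_SHA in suites

def build_hello(suites):
    """Constructed sample ClientHello (TLS 1.0, zero random, empty session_id)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x01" + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    samples = {
        "anon only": [TLS_DH_ANON_WITH_AES_128_CBC_SHA],
        "anon + SCSV": [TLS_DH_ANON_WITH_AES_128_CBC_SHA,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV],
    }
    for name, offered in samples.items():
        got = client_hello_suites(build_hello(offered))
        print(name, [hex(s) for s in got],
              "strict:", strict_anon_only(got), "relaxed:", anon_present(got))
```

A client that appends the RFC 5746 signalling value to its list fails the exact-match rule but passes the relaxed one, which is the case the post describes.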

