[RADIATOR] MSCHAP Android Setting

Heikki Vatiainen hvn at open.com.au
Wed May 26 11:57:50 UTC 2021


On 25.5.2021 20.32, Ullfig, Roberto Alfredo wrote:

> Our Android documentation says to use "For Anonymous identity use 
> Anonymous" but that appears to be wrong based on our tests today - where 
> we need to enter the PEAP username in that field. Is there a 
> configuration in the Radius config that I can look at to see what we 
> support? Thanks!

I would do this:
- create a Radiator instance with debug (Trace 4) logging enabled
- configure it to authenticate PEAP/EAP-MSCHAP-V2 (the typical combination)
- attempt to authenticate with different settings on the phone
- see the logs

With PEAP/EAP-MSCHAP-V2 a username can be seen in:
1. User-Name attribute in RADIUS request
2. EAP identity in the outer EAP carried by RADIUS requests
3. User-Name attribute in the request object Radiator creates for inner 
EAP-MSCHAP-V2 request
4. EAP identity in the inner EAP-MSCHAP-V2 request
5. in the Name field in the EAP-MSCHAP-V2 message the client sends

I would say "Anonymous identity" sets 2. which is then used by WLAN 
controller, or similar authenticator, to set Radius User-Name when a 
RADIUS message is created.

Values 4. and 5. should also be the same and these are the actual 
username that is authenticated.

Value 3. can be set with EAPAnonymous Radiator configuration parameter. 
Because Radiator creates a request object for the inner EAP message, it 
adds inner User-Name based on EAPAnonymous value. This defaults to 
'anonymous' but with %0 it will use 4. (inner identity) once it's known.

To summarise: Radiator's debug logging will show what gets set and 
changed by different Android configuration parameters.

If needed, please don't hesitate to post the full logs.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
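
Added example, not part of the original message and not Radiator code: a Python sketch that pulls values 1. and 2. from the list above (RADIUS User-Name and the outer EAP identity) out of a raw Access-Request, so they can be compared against what the Trace 4 log reports. Values 3. to 5. travel inside the PEAP TLS tunnel and show up only in the server's debug log. The function names and the sample packet are constructed for illustration.

```python
import struct

USER_NAME, EAP_MESSAGE = 1, 79        # RADIUS attribute types (RFC 2865, RFC 3579)
EAP_RESPONSE, EAP_IDENTITY = 2, 1     # EAP code and type (RFC 3748)

def radius_attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user_name, outer_identity):
    """Constructed sample: Access-Request carrying an EAP-Response/Identity."""
    eap_len = 5 + len(outer_identity)
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, eap_len, EAP_IDENTITY) + outer_identity
    attrs = radius_attr(USER_NAME, user_name) + radius_attr(EAP_MESSAGE, eap)
    # Code 1 = Access-Request, identifier 42, zeroed authenticator (sample only)
    return struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16) + attrs

def outer_usernames(packet):
    """Return (User-Name, outer EAP identity) as visible outside the tunnel."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    user_name, eap, pos = None, b"", 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + attr_len]
        if attr_type == USER_NAME:
            user_name = value.decode("utf-8", "replace")
        elif attr_type == EAP_MESSAGE:
            eap += value              # one EAP packet may span several attributes
        pos += attr_len
    identity = None
    if len(eap) >= 5:
        code, _id, eap_len, eap_type = struct.unpack("!BBHB", eap[:5])
        if code == EAP_RESPONSE and eap_type == EAP_IDENTITY and 5 <= eap_len <= len(eap):
            identity = eap[5:eap_len].decode("utf-8", "replace")
    return user_name, identity

if __name__ == "__main__":
    # Phone configured with "anonymous" vs. the real username (constructed values)
    for name in (b"anonymous", b"alice"):
        print(outer_usernames(build_access_request(name, name)))
```
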

