It is normal - EAP-TTLS: received 0 bytes encrypted data for Phase 2?
jkmaline at cc.hut.fi
Mon Jun 26 23:06:14 EDT 2006
On Mon, Jun 26, 2006 at 07:57:38PM -0700, Andrew wrote:
> I am trying to do TTLS/MSCHAPV2 with FreeRadius server, but see the
> following error on the freeRadius server side -
> modcall: entering group MS-CHAP for request 5
> rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
I don't have any problems with FreeRADIUS. This part of the debug log
shows as follows:

modcall: entering group Auth-Type for request 24
rlm_mschap: Told to do MS-CHAPv2 for jkm-mschapv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys

> I see this on the wpa_supplicant side -
> EAP-TTLS: received 0 bytes encrypted data for Phase 2
> EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request
> EAP-TTLS: Phase 2 MSCHAPV2 Request
> EAP-TTLS: MSCHAPV2: implicit auth_challenge - hexdump(len=16): e5 e3 aa
> 58 a1 11 50 d4 55 8a a8 8e 71 ba 1f e4
> Is it normal to have 0 bytes encrypted data for phase 2? Any suggestion
> what I should check for?
Yes, this is the expected behavior. EAP-TTLS does not send
EAP-Request/Identity at this point of the authentication.
> For the user name and password, I configured the identity and password
> in wpa configuration file, and for FreeRadius server, I configure in
> users file, "username" User-Password == "password".
Do you include backslash in the username (e.g., DOMAIN\user)? Is
EAP-TTLS/MSCHAPv2 the only method that does not work or are other
methods (e.g., EAP-TTLS/PAP) showing the same problem?
Which Auth-Type are you using in the FreeRADIUS configuration? I'm using
the following type of configuration for this:

user-mschapv2 Auth-Type := MS-CHAP, User-Password == "password"

Jouni Malinen PGP id EFC895FA
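
Added example, not part of the original message and not code from wpa_supplicant or FreeRADIUS: the reply above asks about a backslash in the username because RFC 2759 feeds only the bare account name, without a DOMAIN\ prefix, into the MS-CHAPv2 ChallengeHash. The sketch below uses the RFC 2759 section 9.2 test vector; the DOMAIN\User identity and the helper names are constructed for illustration, and whether this was the cause of the failure in this thread is not known.

```python
import hashlib

# RFC 2759 section 9.2 test vector (not values from this thread).
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
RFC_USERNAME = b"User"


def strip_domain(name: bytes) -> bytes:
    """Return the account name without a leading DOMAIN\\ prefix."""
    return name.rsplit(b"\\", 1)[-1]


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes,
                   username: bytes) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of
    SHA-1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    digest = hashlib.sha1(peer_challenge + auth_challenge + username).digest()
    return digest[:8]


def sides_agree(peer_name: bytes, server_name: bytes) -> bool:
    """True if peer and server derive the same 8-octet challenge.

    The NT-Response is this value DES-encrypted under keys derived from
    the NT password hash, so a mismatch here makes the server's
    comparison fail even when the password itself is correct.
    """
    peer = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, peer_name)
    server = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, server_name)
    return peer == server


if __name__ == "__main__":
    identity = b"DOMAIN\\User"  # constructed sample identity
    bare = strip_domain(identity)
    rfc = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, RFC_USERNAME)
    print("RFC vector challenge:", rfc.hex())
    print("prefixed vs bare    :", sides_agree(identity, bare))
    print("bare vs bare        :", sides_agree(bare, bare))
```
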