Username on EAP-MSCHAPv2
jkmaline at cc.hut.fi
Wed Feb 14 22:38:39 EST 2007
On Mon, Dec 04, 2006 at 11:31:29AM +0530, ramprasad.rajendran at wipro.com wrote:
> I am using wpa_supplicant version 0.5.5 and hostapd 0.4.9 as the
> authenticator cum RADIUS.
> I am testing with EAP-MSCHAPv2
Only with EAP-MSCHAPv2 or with protected tunnel, e.g.,
EAP-PEAP/MSCHAPv2? If you are using only EAP-MSCHAPv2, please note that
it does not generate long enough key by default and may not be useful if
you need dynamic keying (and I would not really recommend using MSCHAPv2
without the encrypted tunnel anyway).
> The username in the hostapd's user and password file has the format
> I tried setting the username at the configuration file at the supplicant
> to user at DOMAIN, DOMAIN\user, but gets rejected.
> Is there any particular format in which the user name must be used for
Yes, DOMAIN\user is the only format currently supported for the case
where domain part needs to be removed for challenge/response validation.
I did a quick test with EAP-PEAP with EAP-MSCHAPv2 as the inner
authentication method and it seemed to work fine between wpa_supplicant
0.5.x and hostapd 0.4.x when using DOMAIN\user format for the user name.
Jouni Malinen PGP id EFC895FA
More information about the HostAP