Phase 2 on PEAP and EAP-TTLS
j at w1.fi
Wed Nov 17 15:11:33 EST 2010
On Wed, Nov 17, 2010 at 06:45:11PM -0000, Panagiotis Georgopoulos wrote:
> For EAP-MSCHAPv2 in Phase 2 of EAP-TTLS , I have to declare
> to wpa_supplicant Phase2="autheap=MSCHAPV2".
> For PEAP though, if I do :
Are you sure the authentication server is using the new PEAP label? Most
> phase2="auth=MSCHAPV2" (notice that it is just auth, and not
> will I be doing mschapv2 or eap-mschapv2 on Phase 2?
Well.. Depends on what you want to call the stuff that PEAP does (it may
end up removing the EAP headers from Phase 2).. But anyway, it is
> If I am right PEAP supports only EAP methods for Phase 2, so
> the two above configurations should have exactly the same phase 2, right?
EAP-TTLS is the odd one with option for both EAP and non-EAP Phase 2
methods and as such, need to have different specification for MSCHAPv2
(without EAP) and EAP-MSCHAPv2. PEAP and EAP-FAST use the auth=<EAP
method name> selection.
Jouni Malinen PGP id EFC895FA
More information about the HostAP