Phase 2 on PEAP and EAP-TTLS
panos at comp.lancs.ac.uk
Thu Nov 18 11:28:08 EST 2010
> Panagiotis Georgopoulos wrote:
> > Well, that is the problem I am having.. I see different behaviour on
> > the FR's side when using PEAP/MSCHAPv2 and EAP-TTLS/EAP-MSCHAPv2 in
> > 2. I am noticing two pairs of MS-MPEE keys in the Access-Accept message
> > sent by FR (see below) when I am using EAP-TTLS/EAP-MSCHAPv2 which I
> > have when I use PEAP/MSCHAPv2...
> I don't recall seeing that problem in my config. So...
Well, I've posted on FR's mailing list with a full debug output from my
setup if you want to follow up.
> > So, I am trying to investigate why I am getting 2 MS-MPEE keys on
> > EAP-TTLS/EAP-MSCHAPv2 and not on PEAP/MSCHAPv2 although theoretically
> > they follow the same (or very similar) process...
> You can configure FreeRADIUS to filter the extra attributes.
Yes I can, but the fact that you don't see this in your setup is more
worrying. Don't take me wrong, it is a good thing that there is a solution
to my problem, but it would have been better if I didn't have the problem in
the first place!
> This isn't a problem with wpasupplicant.
> Alan DeKok.
Well, I was trying to verify that my configuration with PEAP and EAP-TTLS in
Phase 2 is correct in wpa_supplicant and that it is doing in Phase2 what I
am expecting it to do. Now I can focus more on the FR's side of things.
Thank you both for your replies,
More information about the HostAP