Phase 2 on PEAP and EAP-TTLS

Panagiotis Georgopoulos panos at comp.lancs.ac.uk
Thu Nov 18 11:28:08 EST 2010


> Panagiotis Georgopoulos wrote:
> > Well, that is the problem I am having.. I see different behaviour on
> > the FR's side when using PEAP/MSCHAPv2 and EAP-TTLS/EAP-MSCHAPv2 in
Phase
> > 2. I am noticing two pairs of MS-MPEE keys in the Access-Accept message
> > sent by FR (see below) when I am using EAP-TTLS/EAP-MSCHAPv2 which I
don't
> > have when I use PEAP/MSCHAPv2...
> 
>   I don't recall seeing that problem in my config. So...

Well, I've posted on FR's mailing list with a full debug output from my
setup if you want to follow up.


> > 	So, I am trying to investigate why I am getting 2 MS-MPEE keys on
> > EAP-TTLS/EAP-MSCHAPv2 and not on PEAP/MSCHAPv2 although theoretically
> > they follow the same (or very similar) process...
> 
>   You can configure FreeRADIUS to filter the extra attributes.  

Yes I can, but the fact that you don't see this in your setup is more
worrying. Don't take me wrong, it is a good thing that there is a solution
to my problem, but it would have been better if I didn't have the problem in
the first place!

> This isn't a problem with wpasupplicant.
> 
>   Alan DeKok.

Well, I was trying to verify that my configuration with PEAP and EAP-TTLS in
Phase 2 is correct in wpa_supplicant and that it is doing in Phase2 what I
am expecting it to do. Now I can focus more on the FR's side of things.

Thank you both for your replies,
Panos







More information about the HostAP mailing list