Check for identifier in EAP-PEAP phase-2

paul peterson paul.petersn at gmail.com
Fri Sep 24 14:49:01 EDT 2010


Hi,

I'm trying to perform EAP-PEAPv1 authentication using Juniper SBR. I have
EAP-GTC disabled in wpa_supplicant, so in phase-2 when wpa_supp receives
EAP-GTC proposal, it sends legacy NAK with method MSCHAPv2. In response SBR
sends a new proposal for MSCHAPv2 but with same identifier value as in the
last EAP frame. I see wpa_supplicant does not have any check to see if the
identifier value matches with the one in the last frame received during the
EAP-PEAP second stage. Is this correct to skip the check ?


- Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20100925/bef6c532/attachment.htm 


More information about the HostAP mailing list