Dear Alan, Thank you for the quick reply. Indeed, on WinXP I was using the Funk Odyssey client as it offered a good debug log. However, I tested using different supplicants like IntelPROSet on WinXP and the OSX 10.4 built-in supplicant with consistent results.
I even tried a LinkSys WAP54G Fat AP firmware v3.04, as well as the Aruba switch with its thin AP with no difference in the results. I would certainly appreciate any tips on the possible workarounds you mentioned. Thx Mak -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Thursday, October 05, 2006 8:05 AM To: FreeRadius users mailing list Subject: Re: Any luck with 802.1x authentication using TTLS with MSCHAPv2 ? "Mak Moussa" <[EMAIL PROTECTED]> wrote: > I would appreciate any insight into the 802.1x authentication using TTLS > with MSCHAPv2. Such auth scheme is constantly failing in my wireless setup > with FreeRadius. I tried 3 versions v1.0.5, v1.1.2 and v1.1.3 with not much > luck. OK... > The following authentication schemes worked fine: > 1. TTLS w/ MSCHAP from my wireless client to freeradius v1.0.5, v1.1.2, > v1.1.3 > 2. PEAP w/ MSCHAPv2 with same wireless client to same freeradius versions. > 3. TTLS w/ MSCHAPv2 from the same wireless setup to an SBR v5.3 OK. > If I made a freeradius configuration mistake, TTLS with mschap wouldn't > work. Hmm... it may be that the MSCHAPv2 support in the TTLS code needs work. I haven't looked at it recently, but I do recall some work-arounds.. Which client are you using? It looks like Windows, but Windows doesn't support TTLS natively, so you're obviously doing something special. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
