indira kolli wrote: > I finally got it working. I missed the reply to the second > access-challenge.
How could you possibly miss that? If you're using a standard supplicant, that packet should be about 1/10 of a second after the first one. > One thing I am still not sure is about MPPE keys. > For us we are using only EAP-MSCHAPv2 without peap. > The authenticator needs the MPPE keys to authenticate the peer. > But in the EAP-MSCAHPv2 Access-Challenge or Access-accept don't see the > keys. I see that the keys are generated for MSCHAPv2 but are > deleted before the request is sent. Perhaps you could try reading my messages. You were already told that EAP-MSCHAPv2 does not generate the MPPE keys. Even if you changed the server source code, the AP's wouldn't look for the MPPE keys. Even if you fixed the AP's, the supplicants wouldn't use encryption for the wireless links. And you haven't said if you're using this for wireless or wired authentication. I think you're really not clear on what you want to do, how the equipment works, and how the protocols work. I suggest spending time reading more AP documentation before asking EAP-MSCHAPv2 questions on this list. The problem is NOT EAP-MSCHAPv2. The problem is that you don't know what's going on, and as a result, are expecting that EAP-MSCHAPv2 do things it's not supposed to do. Trying to "Fix" EAP-MSCHAPv2 is a waste of time. Find out why your expectations are wrong, and fix them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
