I am doing IKEv2 EAP-MSCHAPv2 radius Passthrough.
On Jan 18, 2008 1:43 AM, Alan DeKok <[EMAIL PROTECTED]> wrote: > indira kolli wrote: > > I finally got it working. I missed the reply to the second > > access-challenge. > > How could you possibly miss that? If you're using a standard > supplicant, that packet should be about 1/10 of a second after the first > one. > > > One thing I am still not sure is about MPPE keys. > > For us we are using only EAP-MSCHAPv2 without peap. > > The authenticator needs the MPPE keys to authenticate the peer. > > But in the EAP-MSCAHPv2 Access-Challenge or Access-accept don't see the > > keys. I see that the keys are generated for MSCHAPv2 but are > > deleted before the request is sent. > > Perhaps you could try reading my messages. You were already told that > EAP-MSCHAPv2 does not generate the MPPE keys. > > Even if you changed the server source code, the AP's wouldn't look for > the MPPE keys. Even if you fixed the AP's, the supplicants wouldn't use > encryption for the wireless links. > > And you haven't said if you're using this for wireless or wired > authentication. > > I think you're really not clear on what you want to do, how the > equipment works, and how the protocols work. I suggest spending time > reading more AP documentation before asking EAP-MSCHAPv2 questions on > this list. The problem is NOT EAP-MSCHAPv2. The problem is that you > don't know what's going on, and as a result, are expecting that > EAP-MSCHAPv2 do things it's not supposed to do. Trying to "Fix" > EAP-MSCHAPv2 is a waste of time. Find out why your expectations are > wrong, and fix them. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
