Hi,

> I'm trying to implement PEAP-MSCHAPV2 support in an existing and working
> configuration with EAP-TTLS + PAP, giving users full support of eduroam.
> There are proxy RADIUS servers maintained by our national "provider",
> and they test authentication every 15 minutes.
> 
> When they only test EAP-TTLS authentication, it works, and this is a part
> of the output of freeradius -X.

Can I ask a quick question: do you need/want your own users to use PEAP?
Whether you choose to use EAP-TTLS/PAP or PEAP/MSCHAPv2 is up to you for
your users. A visitor to your site should be able to use PEAP if their home
site supports it, as your FreeRADIUS boxes will just proxy the request to
the national proxies.

I'm not sure why the central test should be forcing you to support all
types of EAP - it should only check that you are working for the EAP
methods that you, as an IdP, support.


> } # server inner-tunnel
> [ttls] Got tunneled reply code 2
  ^^^^^^ 

Eh? I thought you said this second test was a PEAP test. Are you sure it
is, as this looks very much like an EAP-TTLS/MSCHAPv2 test?

> Sending Access-Challenge of id 9 to 193.51.182.121 port 35055
>         User-Name = "u...@realm"
>         EAP-Message = 0x010a005f1580000000551703010050f984b434f276e050b0697e427d30ddfe2c0d9cc56a8f5da6ab447bbabae115d8181dfce1b6e52f33fcd2a20d5e26f574b9be69fa946342eafbd7ea350d5782490593a260401dae6b1c71f16f30b3ab38
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xcda13382c4ab2647095b27820a4b1850

There's plenty in the FreeRADIUS docs about 'why do I not get anything
after an Access-Challenge' - usually down to certs.

alan
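
Which EAP method a test is really using can be read from the EAP-Message attribute in the debug output. The following is an added example, not part of the original message or of FreeRADIUS: it decodes the outer EAP header, using the leading 15 bytes of the EAP-Message quoted above as sample input; the function and variable names are hypothetical.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP method type numbers from the IANA EAP registry
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "MS-CHAPv2"}
TLS_BASED = {13, 21, 25}          # methods that share the EAP-TLS framing
TLS_RECORDS = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}

# First 15 bytes of the EAP-Message in the Access-Challenge quoted above
SAMPLE = "0x010a005f1580000000551703010050"

def decode_eap(hex_value):
    """Decode the outer header of an EAP-Message value (hex, optional 0x)."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    data = bytes.fromhex(text)
    if len(data) < 4:
        raise ValueError("too short for an EAP header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or len(data) < 5:
        return out                      # Success/Failure carry no Type field
    etype = data[4]
    out["method"] = EAP_TYPES.get(etype, "type %d" % etype)
    if etype not in TLS_BASED or len(data) < 6:
        return out
    flags, pos = data[5], 6
    out["flags"] = {"length_included": bool(flags & 0x80),
                    "more_fragments": bool(flags & 0x40),
                    "start": bool(flags & 0x20)}
    if flags & 0x80 and len(data) >= 10:  # 4-byte total TLS message length
        out["tls_message_length"] = struct.unpack("!I", data[6:10])[0]
        pos = 10
    if len(data) >= pos + 5:              # first TLS record header, if present
        rtype, major, minor, rlen = struct.unpack("!BBBH", data[pos:pos + 5])
        out["tls_record"] = {"type": TLS_RECORDS.get(rtype, rtype),
                             "version": "%d.%d" % (major, minor),
                             "length": rlen}
    return out

if __name__ == "__main__":
    print(decode_eap(SAMPLE))
```

For the sample bytes the outer type is 21 (EAP-TTLS), not 25 (PEAP), which matches the `[ttls]` line in the debug output.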