Hello all,
I am using EAP-TTLS/EAP-MSCHAPv2 to authenticate clients with a FreeRADIUS (FR) 2.1.10 backend AAA server. Requests go over an Access Point (playing the role of the NAS), then get forwarded to a proxy AAA FR 2.1.10 server, and finally get routed to my backend server. My client is using wpa_supplicant with the "EAP=TTLS" and "Phase2="autheap=mschapv2"" options in its configuration file.

The problem I am having is that when FR sends the final Access-Accept to the client, I end up having two MS-MPPE-Send-Key and MS-MPPE-Recv-Key pairs of different lengths, one added by the mschap module and one added by the eap module, as seen here:

    Sending Access-Accept of id 52 to 2001:db95::100 port 1814
        Reply-Message = "Hello, bob-mr1"
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0x8566119a6066e8eb7c1663dea8d1629b
        MS-MPPE-Recv-Key = 0xc1f99bac753248c48db73fd5585bf810
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "bob-mr1"
        MS-MPPE-Recv-Key = 0x2eb89da2ac20179cb2b99391f94ca2bddf1701c67c524badad98ce56f09873dc
        MS-MPPE-Send-Key = 0x0cf013411cfcea14ae9dee56baaf5467e55caed80fa83ffbbdf0f5998ce7fe62
        EAP-Message = 0x03cf0004
        Proxy-State = 0x3130

(If someone wants the full debug output of the server, it is posted here: http://pastebin.com/aXFMXXbT )

Having two MS-MPPE key pairs is wrong and does not allow the end client to properly finish its key exchange with the Access Point; instead it restarts the EAP-TTLS communication. I figured out that I could remove one pair of keys, either by doing this at the end of the post-auth section of my inner-tunnel:

    update reply {
        MS-MPPE-Send-Key !* 0x00
        MS-MPPE-Recv-Key !* 0x00
    }

...or by setting "use_mppe = no" in the mschap module, although this means that I will be losing the MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types attributes as well. Which one do you think is the best approach and has the least impact on other authentication methods (e.g. straightforward MSCHAPv2 or others)?
By the way, I also tried using PEAP with MSCHAPv2 for phase 2, but it didn't have the above problem (it had just one pair of MS-MPPE keys). Isn't that weird, since MSCHAPv2 in PEAP is also EAP-MSCHAPv2, so I would expect it to get exactly the same phase 2 as EAP-TTLS? What am I missing here?

Thanks a lot in advance,
Panos
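As an added illustration (not part of the post above and not FreeRADIUS code), the following Python script shows how to spot the duplicate-key condition described in the post in a raw RADIUS attribute block: it encodes and parses Microsoft Vendor-Specific attributes (vendor 311, sub-types 7, 8, 16 and 17 from RFC 2548), builds a sample attribute block that is constructed here from the decoded values shown in the debug output, reports how many MS-MPPE-Send-Key / MS-MPPE-Recv-Key instances of which length are present, and strips every instance of an attribute the way the `!*` unlang operator in the post does. It works on decoded key values only: on the wire, RFC 2548 salt-encrypts the MPPE keys with the RADIUS shared secret, and that encryption is deliberately not modelled here. The function names (`encode_ms_vsa`, `parse_ms_vsas`, `mppe_key_lengths`, `remove_all`, `build_sample_reply`) are this example's own.

```python
import struct

ATTR_VENDOR_SPECIFIC = 26   # RFC 2865 Vendor-Specific
VENDOR_MICROSOFT = 311      # RFC 2548 Microsoft vendor id
MS_NAMES = {
    7: "MS-MPPE-Encryption-Policy",
    8: "MS-MPPE-Encryption-Types",
    16: "MS-MPPE-Send-Key",
    17: "MS-MPPE-Recv-Key",
}
MS_TYPES = {name: t for t, name in MS_NAMES.items()}


def encode_ms_vsa(name, value):
    """One Vendor-Specific attribute carrying a single Microsoft sub-attribute:
    Type(26) Length Vendor-Id(311) | Vendor-Type Vendor-Length value.
    Keys are written decoded; RFC 2548 salt-encryption is not applied here."""
    sub = struct.pack("!BB", MS_TYPES[name], 2 + len(value)) + value
    return struct.pack("!BBI", ATTR_VENDOR_SPECIFIC, 6 + len(sub), VENDOR_MICROSOFT) + sub


def parse_ms_vsas(data):
    """Walk a raw RADIUS attribute block and return [(name, value)] for every
    Microsoft sub-attribute, in wire order. Non-Microsoft attributes are skipped."""
    found = []
    off = 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated attribute header at offset %d" % off)
        atype, alen = data[off], data[off + 1]
        if alen < 2 or off + alen > len(data):
            raise ValueError("bad attribute length at offset %d" % off)
        value = data[off + 2:off + alen]
        if (atype == ATTR_VENDOR_SPECIFIC and len(value) >= 4
                and struct.unpack("!I", value[:4])[0] == VENDOR_MICROSOFT):
            sub, soff = value[4:], 0
            while soff < len(sub):
                if soff + 2 > len(sub):
                    raise ValueError("truncated vendor sub-attribute")
                vtype, vlen = sub[soff], sub[soff + 1]
                if vlen < 2 or soff + vlen > len(sub):
                    raise ValueError("bad vendor sub-attribute length")
                found.append((MS_NAMES.get(vtype, "MS-VSA-%d" % vtype),
                              sub[soff + 2:soff + vlen]))
                soff += vlen
        off += alen
    return found


def mppe_key_lengths(attrs):
    """Map each MS-MPPE key name to the list of key lengths present. More than
    one entry per name is the duplicate-pair condition from the post."""
    lengths = {}
    for name, value in attrs:
        if name in ("MS-MPPE-Send-Key", "MS-MPPE-Recv-Key"):
            lengths.setdefault(name, []).append(len(value))
    return lengths


def has_duplicate_mppe_keys(attrs):
    return any(len(v) > 1 for v in mppe_key_lengths(attrs).values())


def remove_all(attrs, name):
    """Mirror the effect of the unlang 'Attr !* 0x00': drop every instance."""
    return [(n, v) for n, v in attrs if n != name]


def build_sample_reply():
    """Constructed attribute block using the decoded values from the debug
    output in the post: a 16-byte pair (mschap) and a 32-byte pair (eap)."""
    return b"".join([
        encode_ms_vsa("MS-MPPE-Encryption-Policy", bytes.fromhex("00000001")),
        encode_ms_vsa("MS-MPPE-Encryption-Types", bytes.fromhex("00000006")),
        encode_ms_vsa("MS-MPPE-Send-Key", bytes.fromhex("8566119a6066e8eb7c1663dea8d1629b")),
        encode_ms_vsa("MS-MPPE-Recv-Key", bytes.fromhex("c1f99bac753248c48db73fd5585bf810")),
        struct.pack("!BB", 1, 2 + 7) + b"bob-mr1",   # User-Name, as in the output
        encode_ms_vsa("MS-MPPE-Recv-Key", bytes.fromhex(
            "2eb89da2ac20179cb2b99391f94ca2bddf1701c67c524badad98ce56f09873dc")),
        encode_ms_vsa("MS-MPPE-Send-Key", bytes.fromhex(
            "0cf013411cfcea14ae9dee56baaf5467e55caed80fa83ffbbdf0f5998ce7fe62")),
    ])


if __name__ == "__main__":
    attrs = parse_ms_vsas(build_sample_reply())
    print("key lengths:", mppe_key_lengths(attrs))
    print("duplicate MPPE pairs:", has_duplicate_mppe_keys(attrs))
    stripped = remove_all(remove_all(attrs, "MS-MPPE-Send-Key"), "MS-MPPE-Recv-Key")
    print("after stripping:", [n for n, _ in stripped])
```

Run against the sample block, `mppe_key_lengths` reports two Send-Key and two Recv-Key instances (16 and 32 bytes each), which is the state the post describes; applying `remove_all` to both names leaves only the Encryption-Policy and Encryption-Types attributes, which is what the inner-tunnel `update reply` does before the outer eap module adds its own pair. To check a real capture, feed `parse_ms_vsas` the attribute bytes that follow the 20-byte RADIUS header of the Access-Accept.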
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html