On 01/10/2011 05:48 PM, Johnson, Neil M wrote:

> TTLS-MSCHAPv2 works.

Great!

> I was confused. I thought ttls-eap-mschapv2 was ttls-mschapv2.

Well, I did not notice this either until I checked the wpa_supplicant doc and took a peek at the code. Only then I realised that EAP is not necessary and plain MSCHAPv2 over TTLS tunnel works too and that is the common case.

> Still, it'd be nice to know why the inner identity is being found.

I think what I wrote about checking both EAP Identity and User-Name attribute might be useful if someone, for some reason, wants to use EAP-Something over TTLS tunnel. But I guess it is quite infrequent. TTLS RFC states that CHAP, MSCHAP and MSCHAPv2 must include User-Name but there is no such requirement for EAP.

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
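The check discussed in the message above, looking at both the User-Name attribute and an inner EAP Identity, can be sketched as follows. This is an added example, not Radiator or wpa_supplicant code; it assumes the decrypted TTLS tunnel payload is available as bytes in the Diameter AVP format that EAP-TTLS uses, and the user names and payloads are constructed samples.

```python
import struct

USER_NAME = 1        # User-Name AVP code
EAP_MESSAGE = 79     # EAP-Message AVP code
FLAG_VENDOR = 0x80   # V bit: a 4-byte Vendor-Id follows the length field

def parse_avps(data):
    """Yield (code, vendor_id, value) for each AVP in a decrypted TTLS payload."""
    off = 0
    while off + 8 <= len(data):
        code, flags_len = struct.unpack_from("!II", data, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & FLAG_VENDOR else 8
        if length < hdr or off + length > len(data):
            raise ValueError("malformed AVP at offset %d" % off)
        vendor = struct.unpack_from("!I", data, off + 8)[0] if hdr == 12 else 0
        yield code, vendor, data[off + hdr:off + length]
        off += (length + 3) & ~3          # AVPs are padded to 4 bytes

def inner_identity(data):
    """Prefer User-Name; fall back to an EAP-Response/Identity; else None."""
    eap_identity = None
    for code, vendor, value in parse_avps(data):
        if vendor != 0:
            continue                      # e.g. the Microsoft MS-CHAP AVPs
        if code == USER_NAME:
            return value.decode("utf-8", "replace")
        # EAP header: code(1) id(1) length(2) type(1); code 2 = Response, type 1 = Identity
        if code == EAP_MESSAGE and len(value) >= 5 and value[0] == 2 and value[4] == 1:
            eap_len = struct.unpack_from("!H", value, 2)[0]
            eap_identity = value[5:eap_len].decode("utf-8", "replace")
    return eap_identity

def avp(code, value, vendor=0):
    """Build one AVP; helper used only for the constructed samples below."""
    hdr = 12 if vendor else 8
    flags = 0x40 | (FLAG_VENDOR if vendor else 0)     # M bit set
    out = struct.pack("!II", code, (flags << 24) | (hdr + len(value)))
    if vendor:
        out += struct.pack("!I", vendor)
    return out + value + b"\x00" * (-len(value) % 4)

# Constructed samples: plain MSCHAPv2 (User-Name plus vendor 311 AVPs with
# zero-filled placeholder values) and an inner EAP Identity with no User-Name.
PLAIN_MSCHAPV2 = (avp(USER_NAME, b"alice") + avp(11, b"\x00" * 16, vendor=311)
                  + avp(25, b"\x00" * 50, vendor=311))
EAP_INNER = avp(EAP_MESSAGE, bytes([2, 0, 0, 8, 1]) + b"bob")

if __name__ == "__main__":
    print(inner_identity(PLAIN_MSCHAPV2), inner_identity(EAP_INNER))
```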