It is normal - EAP-TTLS: received 0 bytes encrypted data for Phase 2?

Jouni Malinen jkmaline
Mon Jun 26 21:46:27 PDT 2006

On Mon, Jun 26, 2006 at 09:31:12PM -0700, Andrew wrote:

> I checked your configuration for the username /password on the Radius
> server. I had double quote "" over the username, so I remove the quote,
> but got the same result. Then I tried adding "Auth-Type := MS-CHAP,",
> which I don't have that previously, but with that it fails at even
> earlier stage - It did not even start TLS handshake, and failed with
> "module "mschap" returns reject for request 0". Do I need to have
> "Auth-Type := MS-CHAP," in my users file?

Are you using anymous identity in the first authentication phase? I'm
doing that and the Auth-Type := MS-CHAP is only matching for the second
phase (tunneled authentication). You should not set Auth-Type to MS-CHAP
for the first phase authentication, so use of "anonymous" as
anonymous_identity may be the best way of getting this to work.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list