Phase 2 on PEAP and EAP-TTLS

Jouni Malinen j
Thu Nov 18 04:10:50 PST 2010

On Thu, Nov 18, 2010 at 11:23:43AM -0000, Panagiotis Georgopoulos wrote:
> > >               phase1="peaplabel=1"
> > 
> > Are you sure the authentication server is using the new PEAP label?
> > Most servers don't.
> Well, I am using FreeRadius 2.1.10 and I see no warnings or errors on the
> FR's output regarding label=1 and the authentication finishes successfully.
> Shouldn't I have seen an error/warning somewhere in the output?

Not on the RADIUS server. The authentication part goes through just
fine, but the derived keys are different and should you use this, e.g.,
for WPA2-Enterprise, the peer would fail to complete the connection
because of the mismatch in the keys.

> I am afraid I am unable to find whether the new label is supported on
> freeradius' website...

It doesn't. It is safe to assume that more or less whatever server you
would use, it will not use the new label with PEAPv0 or even with
PEAPv1. There are only couple of exceptions to this rule and those are
not exactly popular authentication servers.

> Well.. since in theory PEAP is using only EAP based methods in Phase 2, I am
> thinking that setting phase2="auth=MSCHAPV2" it would do EAP-MSCHAPv2. Your
> characterization as "based" worries me a little...:-D

Worry about what? Why would be different if it were MSCHAPv2 without EAP
encapsulation? Anyway, yes, it is EAP-MSCHAPv2 of which the PEAP
encapsulation removes parts of the tunneled EAP header.

> I totally see your point, thus is the reason I think, you consider valid
> options both auth=MSCHAPv2 and autheap=MSCHAPv2 for EAP-TTLS in phase2 to
> distinguish between plain mschapv2 and eap-mschapv2, right? This is exactly
> what I wanted to clarify...

Correct (or well, with the clarification that the correct spelling of
that in auth/autheap parameters is with upper case 'v', i.e.,

> On a similar note, would the EAP-PEAP/MSHAPv2 and EAP-TTLS/EAP-MSCHAPv2 have
> exactly the same second phase? In theory, when they both establish a secure
> channel in Phase 1 using their respective mechanisms, they should have
> identical phase2 based on EAP-MSCHAPv2. Right or wrong?

It sort of depends on how strict you want to be with "exactly the
same".. ;-) Depending on PEAP version, the inner EAP-MSCHAPv2 EAP header
may be modified. The payload of the inner method is identical. Though,
you may also want to note that it is actually not identical in case of
EAP-FAST/EAP-MSCHAPv2 which uses implicit challenge from Phase 1 in the
Phase 2 EAP-MSCHAPv2.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list