Phase 2 on PEAP and EAP-TTLS

Panagiotis Georgopoulos panos
Thu Nov 18 08:28:08 PST 2010

> Panagiotis Georgopoulos wrote:
> > Well, that is the problem I am having.. I see different behaviour on
> > the FR's side when using PEAP/MSCHAPv2 and EAP-TTLS/EAP-MSCHAPv2 in
> > 2. I am noticing two pairs of MS-MPEE keys in the Access-Accept message
> > sent by FR (see below) when I am using EAP-TTLS/EAP-MSCHAPv2 which I
> > have when I use PEAP/MSCHAPv2...
>   I don't recall seeing that problem in my config. So...

Well, I've posted on FR's mailing list with a full debug output from my
setup if you want to follow up.

> > 	So, I am trying to investigate why I am getting 2 MS-MPEE keys on
> > EAP-TTLS/EAP-MSCHAPv2 and not on PEAP/MSCHAPv2 although theoretically
> > they follow the same (or very similar) process...
>   You can configure FreeRADIUS to filter the extra attributes.  

Yes I can, but the fact that you don't see this in your setup is more
worrying. Don't take me wrong, it is a good thing that there is a solution
to my problem, but it would have been better if I didn't have the problem in
the first place!

> This isn't a problem with wpasupplicant.
>   Alan DeKok.

Well, I was trying to verify that my configuration with PEAP and EAP-TTLS in
Phase 2 is correct in wpa_supplicant and that it is doing in Phase2 what I
am expecting it to do. Now I can focus more on the FR's side of things.

Thank you both for your replies,

More information about the Hostap mailing list