Check for identifier in EAP-PEAP phase-2

paul peterson paul.petersn
Fri Sep 24 11:49:01 PDT 2010


I'm trying to perform EAP-PEAPv1 authentication using Juniper SBR. I have
EAP-GTC disabled in wpa_supplicant, so in phase-2 when wpa_supp receives
EAP-GTC proposal, it sends legacy NAK with method MSCHAPv2. In response SBR
sends a new proposal for MSCHAPv2 but with same identifier value as in the
last EAP frame. I see wpa_supplicant does not have any check to see if the
identifier value matches with the one in the last frame received during the
EAP-PEAP second stage. Is this correct to skip the check ?

- Paul
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Hostap mailing list