Check for identifier in EAP-PEAP phase-2

paul peterson paul.petersn
Mon Sep 27 01:17:23 PDT 2010


I'm referring to the identifier in the inner (tunneled) one. So once EAP-TLS is
successfully over, Juniper SBR sends a proposal for EAP-GTC with identifier
value 2, in response wpa_supplicant sends a legacy NAK with EAP-MSCHAPv2 as a
supported method, and then Juniper SBR proposes EAP-MSCHAPv2 with identifier
value 2 again. In spite of the same identifier value, i.e. 2, in two consecutive
EAP frames from SBR, wpa_supplicant accomplishes EAP-MSCHAPv2 successfully.

- Paul


On Sat, Sep 25, 2010 at 12:19 AM, paul peterson <paul.petersn at gmail.com> wrote:

> Hi,
>
> I'm trying to perform EAP-PEAPv1 authentication using Juniper SBR. I have
> EAP-GTC disabled in wpa_supplicant, so in phase-2 when wpa_supp receives
> an EAP-GTC proposal, it sends a legacy NAK with method MSCHAPv2. In response SBR
> sends a new proposal for MSCHAPv2 but with the same identifier value as in the
> last EAP frame. I see wpa_supplicant does not have any check to see if the
> identifier value matches the one in the last frame received during the
> EAP-PEAP second stage. Is it correct to skip the check?
>
>
> - Paul
>
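
An added example, not part of the original posts and not wpa_supplicant code: one way a peer or a trace-analysis tool could tell a retransmitted inner Request from a new Request that reuses the Identifier, as in the EAP-GTC / EAP-MSCHAPv2 exchange described above. It assumes decrypted phase-2 packets that carry a full EAP header; the tracker struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { EAP_CODE_REQUEST = 1, EAP_HDR_LEN = 5 };   /* code, id, length(2), type */
enum req_class { REQ_MALFORMED, REQ_NEW, REQ_RETRANSMIT, REQ_ID_REUSED };

/* Hypothetical tracker: remembers the last inner Request that was seen. */
struct inner_track {
    int have_last;
    size_t last_len;
    uint8_t last_pkt[256];
};

enum req_class classify_inner_request(struct inner_track *t,
                                      const uint8_t *pkt, size_t len)
{
    if (len < EAP_HDR_LEN || pkt[0] != EAP_CODE_REQUEST)
        return REQ_MALFORMED;
    size_t eap_len = ((size_t)pkt[2] << 8) | pkt[3];   /* big-endian Length */
    if (eap_len < EAP_HDR_LEN || eap_len > len || eap_len > sizeof(t->last_pkt))
        return REQ_MALFORMED;

    enum req_class c = REQ_NEW;
    if (t->have_last && pkt[1] == t->last_pkt[1]) {
        /* Same Identifier: identical bytes means retransmission, else reuse. */
        int same = eap_len == t->last_len && memcmp(pkt, t->last_pkt, eap_len) == 0;
        c = same ? REQ_RETRANSMIT : REQ_ID_REUSED;
    }
    memcpy(t->last_pkt, pkt, eap_len);
    t->last_len = eap_len;
    t->have_last = 1;
    return c;
}

/* Constructed sample packets (not captured traffic; payloads are placeholders). */
static const uint8_t GTC_ID2[]      = { 1, 2, 0, 13, 6, 'P','a','s','s','w','o','r','d' };
static const uint8_t MSCHAPV2_ID2[] = { 1, 2, 0, 6, 26, 0x01 };

/* Classify step i of: GTC id=2, the same GTC again, MSCHAPv2 id=2. */
enum req_class constructed_exchange_result(int i)
{
    struct inner_track t = { 0 };
    enum req_class r[3];
    r[0] = classify_inner_request(&t, GTC_ID2, sizeof(GTC_ID2));
    r[1] = classify_inner_request(&t, GTC_ID2, sizeof(GTC_ID2));
    r[2] = classify_inner_request(&t, MSCHAPV2_ID2, sizeof(MSCHAPV2_ID2));
    return (i >= 0 && i < 3) ? r[i] : REQ_MALFORMED;
}
```

The second step is a constructed retransmission included for contrast; the third step is the case from the thread, a different method proposed under the same Identifier value 2.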