Username on EAP-MSCHAPv2
Jouni Malinen
jkmaline
Wed Feb 14 19:38:39 PST 2007
On Mon, Dec 04, 2006 at 11:31:29AM +0530, ramprasad.rajendran at wipro.com wrote:
> I am using wpa_supplicant version 0.5.5 and hostapd 0.4.9 as the
> authenticator cum RADIUS.
> I am testing with EAP-MSCHAPv2.

Only with EAP-MSCHAPv2 or with a protected tunnel, e.g.,
EAP-PEAP/MSCHAPv2? If you are using only EAP-MSCHAPv2, please note that
it does not generate a long enough key by default and may not be useful if
you need dynamic keying (and I would not really recommend using MSCHAPv2
without the encrypted tunnel anyway).

> The username in the hostapd's user and password file has the format
> DOMAIN\user.
>
> I tried setting the username in the configuration file at the supplicant
> to user@DOMAIN and DOMAIN\user, but it gets rejected.
> Is there any particular format in which the user name must be used for
> MSCHAPV2?

Yes, DOMAIN\user is the only format currently supported for the case
where the domain part needs to be removed for challenge/response validation.

I did a quick test with EAP-PEAP with EAP-MSCHAPv2 as the inner
authentication method and it seemed to work fine between wpa_supplicant
0.5.x and hostapd 0.4.x when using DOMAIN\user format for the user name.

--
Jouni Malinen PGP id EFC895FA
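
An added example, not part of the original message and not hostapd or wpa_supplicant code: why the identity format matters for the challenge/response check discussed above. It shows only the ChallengeHash step of MS-CHAPv2 (RFC 2759), which covers both challenges and the user name. It assumes the peer hashes the bare user name and the server strips only a `DOMAIN\` prefix; the function names and challenge values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed 16-octet challenges (sample values, not from a real exchange).
PEER_CHALLENGE = bytes(range(16))
AUTH_CHALLENGE = bytes(range(16, 32))


def strip_domain(identity: str) -> str:
    """Drop a DOMAIN\\ prefix if present; any other form is left untouched.

    Assumption: this models a server that only understands DOMAIN\\user.
    """
    return identity.split("\\", 1)[-1]


def challenge_hash(peer: bytes, auth: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || auth || username)."""
    if len(peer) != 16 or len(auth) != 16:
        raise ValueError("MS-CHAPv2 challenges are 16 octets each")
    return hashlib.sha1(peer + auth + username.encode("ascii")).digest()[:8]


def server_hash_matches(identity: str, name_hashed_by_peer: str) -> bool:
    """Compare the peer's ChallengeHash with the one the server derives.

    identity            -- user name as sent in the EAP identity
    name_hashed_by_peer -- name the peer fed into its own ChallengeHash
                           (assumed here to be the bare user name)
    """
    peer_side = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, name_hashed_by_peer)
    server_side = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, strip_domain(identity))
    return hmac.compare_digest(peer_side, server_side)


if __name__ == "__main__":
    for identity in ("DOMAIN\\user", "user@DOMAIN"):
        ok = server_hash_matches(identity, "user")
        print(f"{identity!r}: server hashes {strip_domain(identity)!r}, match={ok}")
```

The NT-Response is derived from this hash and the password hash, so a ChallengeHash mismatch rejects the login even when the password is correct.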