Username on EAP-MSCHAPv2

Jouni Malinen jkmaline
Wed Feb 14 19:38:39 PST 2007

On Mon, Dec 04, 2006 at 11:31:29AM +0530, ramprasad.rajendran at wrote:

> I am using wpa_supplicant version 0.5.5 and hostapd 0.4.9 as the
> authenticator cum RADIUS.
> I am testing with EAP-MSCHAPv2

Only with EAP-MSCHAPv2 or with a protected tunnel, e.g.,
EAP-PEAP/MSCHAPv2? If you are using only EAP-MSCHAPv2, please note that
it does not generate a long enough key by default and may not be useful if
you need dynamic keying (and I would not really recommend using MSCHAPv2
without the encrypted tunnel anyway).

> The username in the hostapd's user and password file has the format
> DOMAIN\user.
> I tried setting the username at the configuration file at the supplicant
> to user@DOMAIN, DOMAIN\user, but it gets rejected.
> Is there any particular format in which the user name must be used for

Yes, DOMAIN\user is the only format currently supported for the case
where the domain part needs to be removed for challenge/response validation.
I did a quick test with EAP-PEAP with EAP-MSCHAPv2 as the inner
authentication method and it seemed to work fine between wpa_supplicant
0.5.x and hostapd 0.4.x when using DOMAIN\user format for the user name.

Jouni Malinen                                            PGP id EFC895FA
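
Added example (not part of the original message, and not hostapd or wpa_supplicant code): a Python model of the point made in the reply above, using the ChallengeHash step of RFC 2759 (first 8 octets of SHA-1 over both challenges and the user name). The prefix-stripping rule, the function names and the challenge values are assumptions constructed for illustration.

```python
import hashlib

def username_for_challenge(identity: str) -> str:
    """Model of the rule in the reply: only a DOMAIN\\ prefix is removed.

    Any other form (for example user@DOMAIN) is hashed unchanged.
    """
    _, sep, user = identity.partition("\\")
    return user if sep else identity

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, identity: str) -> bytes:
    """RFC 2759 ChallengeHash: SHA-1(peer || authenticator || user name)[:8]."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("MSCHAPv2 challenges are 16 octets each")
    name = username_for_challenge(identity).encode("ascii")
    return hashlib.sha1(peer_challenge + auth_challenge + name).digest()[:8]

def compare_identities(stored, candidates, peer_challenge, auth_challenge):
    """Return {identity: True/False}: does its challenge match the stored user's?

    The 8-octet challenge feeds the NT response, so a mismatch here means the
    response cannot validate. A match says nothing about whether the user
    lookup itself succeeds.
    """
    expected = challenge_hash(peer_challenge, auth_challenge, stored)
    return {c: challenge_hash(peer_challenge, auth_challenge, c) == expected
            for c in candidates}

# Constructed sample values, not taken from any real exchange.
PEER_CHALLENGE = bytes(range(16))
AUTH_CHALLENGE = bytes(range(16, 32))
STORED_IDENTITY = "DOMAIN\\user"          # entry format from the question
CANDIDATES = ["DOMAIN\\user", "user", "user@DOMAIN"]

if __name__ == "__main__":
    results = compare_identities(STORED_IDENTITY, CANDIDATES,
                                 PEER_CHALLENGE, AUTH_CHALLENGE)
    for identity, ok in results.items():
        hashed = username_for_challenge(identity)
        print(f"{identity!r:16} hashed as {hashed!r:14} challenge match: {ok}")
```
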
