radius access-challenge as response to inner auth (PAP) of EAP-TTLS gives following error

Jouni Malinen j
Tue Apr 14 06:26:40 PDT 2009

On Tue, Apr 07, 2009 at 02:53:32AM -0700, fundu wrote:

> Im trying to use WPA-enterprise on my home laptop( wpa_supplicant 6.4 ) having windows XP preofessional sp3 with intel wireless card(for knowledge purpose only, wpa-personal is working properly). The TLS tunnel gets established successfully but as my custom radius implementation returns access-challenge by default for any initial access-request the wpa-supplicant log says "EAP-TTLS: Phase 2 received unexpected tunneled data (no EAP)".  

Are you trying to use a separate AAA/H that initializes an additional
challenge when client tries to use PAP as described in the end of RFC
5281, Chapter 11.2.5? This is not currently supported by wpa_supplicant
and I have not seen any server do this before.

What would you expect to see as the response from the peer? Does the
Reply-Message attribute include some information that the peer should
process to generate the response? Or would it be enough to just send the
message with User-Name and User-Password attributes again as-is (in
which case, I would ask why did the server not process this in the first

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list