(RADIATOR) EAP Framed-MTU Fragment Issues

Mike McCauley mikem at open.com.au
Fri Feb 6 20:39:27 CST 2004


Hello David,

You probably need to set EAPTLS_MaxFragmentSize

Cheers.

On Sat, 7 Feb 2004 12:15 pm, David Miles wrote:
> I am having some trouble where Radiator (3.6) is sending an
> access-challenge (as part of PEAP) to a Colubris access point, and it is
> failing because the EAP message is too large.
> Checking the conversation, the Framed-MTU is being passed to Radiator,
> however the response is far in excess of Framed-MTU - 4.
>
> Any help would be greatly appreciated,
>
> Cheers,
>
> David Miles
>
> Conversation below:
>
> Code:       Access-Request
> Identifier: 222
> Authentic:  <238><214>V<194>(<154>Q<238>wjz<6><215>LP<199>
> Attributes:
>         Acct-Session-Id = "2e5020f0"
>         NAS-Port = 1
>         NAS-Port-Type = Wireless-IEEE-802-11
>         User-Name = "davidm"
>         Calling-Station-Id = "00-40-96-51-97-AC"
>         Called-Station-Id = "00-03-52-07-F1-C0"
>         EAP-Message = <2><8><0><11><1>davidm
>         NAS-Identifier = "M031-00022"
>         NAS-IP-Address = 210.54.2.5
>         Framed-MTU = 1496
>         Connect-Info = "IEEE802.1X"
>         Service-Type = Framed-User
>         Message-Authenticator =
> EG<176><153><212>D<215><27>x<133><193><193>Jpg$
>
> Code:       Access-Challenge
> Identifier: 222
> Authentic:  <238><214>V<194>(<154>Q<238>wjz<6><215>LP<199>
> Attributes:
>         EAP-Message = <1><9><0><6><25>!
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
>
> Code:       Access-Request
> Identifier: 25
> Authentic:  <194><173><216>G<20><29><17>{<139><198><241>o<27><157><168><1>
> Attributes:
>         Acct-Session-Id = "2e5020f0"
>         NAS-Port = 1
>         NAS-Port-Type = Wireless-IEEE-802-11
>         User-Name = "davidm"
>         Calling-Station-Id = "00-40-96-51-97-AC"
>         Called-Station-Id = "00-03-52-07-F1-C0"
>         EAP-Message =
> <2><9><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>@"<237>)L<241><1
>99><251>*<0>
> <210>Kf<131><21><198><137><176>@(<187><17>7v<248>\<205><190>\<14><254><0><0
>><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
> NAS-Identifier = "M031-00022"
>         NAS-IP-Address = 210.54.2.5
>         Framed-MTU = 1496
>         Connect-Info = "IEEE802.1X"
>         Service-Type = Framed-User
>         Message-Authenticator =
> ;<211>c<236>V<232><240><30><21><173>w<26><10>Z<131>\
>
>
> Code:       Access-Challenge
> Identifier: 25
> Authentic:  <194><173><216>G<20><29><17>{<139><198><241>o<27><157><168><1>
> Attributes:
>         EAP-Message =
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
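
As an added example (not part of the original thread and not Radiator code), this Python decodes the leading bytes of the two PEAP EAP-Message values as the original trace printed them and compares the EAP length field with the Framed-MTU - 4 bound David mentions. The byte strings and the Framed-MTU value are copied from the trace; the function names are hypothetical, and the 10-byte fragment header (flags plus TLS Message Length) is an assumption about the worst case.

```python
import re
import struct

# Leading bytes of the Access-Challenge EAP-Message, copied from the trace
# in the original post (the dump prints non-printable bytes as <decimal>).
TRACE_HEAD = "<1><10><8><10><25><192><0><0><8>P"
FRAMED_MTU = 1496          # Framed-MTU attribute from the same trace

EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
FLAG_L, FLAG_M = 0x80, 0x40   # Length-included and More-fragments bits


def unescape(dump: str) -> bytes:
    """Turn '<n>' escapes plus literal characters back into raw bytes."""
    out = bytearray()
    for esc, lit in re.findall(r"<(\d{1,3})>|(.)", dump, flags=re.S):
        out.append(int(esc) if esc else ord(lit))
    return bytes(out)


def parse_eap_tls_header(pkt: bytes) -> dict:
    """Decode the EAP header and the EAP-TLS style flags that follow it."""
    if len(pkt) < 6:
        raise ValueError("need at least 6 bytes of EAP header")
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:6])
    hdr = {"code": code, "id": ident, "length": length,
           "type": EAP_TYPES.get(eap_type, str(eap_type)),
           "more_fragments": bool(flags & FLAG_M),
           "tls_total": None, "header_len": 6}
    if flags & FLAG_L:                      # 4-byte TLS Message Length present
        if len(pkt) < 10:
            raise ValueError("L flag set but TLS Message Length truncated")
        hdr["tls_total"] = struct.unpack("!I", pkt[6:10])[0]
        hdr["header_len"] = 10
    return hdr


def check_against_mtu(hdr: dict, framed_mtu: int) -> dict:
    """Compare the EAP length field with the Framed-MTU - 4 bound."""
    limit = framed_mtu - 4                  # bound used in the original post
    return {"limit": limit,
            "oversize_by": max(0, hdr["length"] - limit),
            "tls_data_in_fragment": hdr["length"] - hdr["header_len"],
            # assumption: worst-case 10-byte header on every fragment
            "max_tls_data": limit - 10}


if __name__ == "__main__":
    h = parse_eap_tls_header(unescape(TRACE_HEAD))
    print(h)
    print(check_against_mtu(h, FRAMED_MTU))
```

On the trace's values this reports a 2058-byte EAP packet against a 1492-byte limit, carrying 2048 bytes of TLS data with the more-fragments bit set.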
