(RADIATOR) EAP Framed-MTU Fragment Issues
David Miles
imonholiday at hotmail.com
Fri Feb 6 21:28:27 CST 2004
Thanks Mike,
Done and all working.
-d
----Original Message Follows----
From: Mike McCauley <mikem at open.com.au>
To: "David Miles" <imonholiday at hotmail.com>, radiator at open.com.au
Subject: Re: (RADIATOR) EAP Framed-MTU Fragment Issues
Date: Sat, 7 Feb 2004 13:39:27 +1100
MIME-Version: 1.0
Received: from server1.open.com.au ([209.61.182.19]) by mc3-f34.hotmail.com
with Microsoft SMTPSVC(5.0.2195.6824); Fri, 6 Feb 2004 19:22:09 -0800
Received: (from majordomo at localhost)by server1.open.com.au (8.11.6/8.11.6)
id i172dWf28262for radiatorzz-list; Fri, 6 Feb 2004 20:39:32 -0600
Received: from open.com.au (adsl-125-86.swiftdsl.com.au [218.214.125.86])by
server1.open.com.au (8.11.6/8.11.6) with SMTP id i172dUs28259for
<radiator at open.com.au>; Fri, 6 Feb 2004 20:39:30 -0600
Received: (qmail 2848 invoked from network); 7 Feb 2004 02:39:28 -0000
Received: from zulu.open.com.au (HELO zulu) (203.63.154.29) by
xray.open.com.au (203.63.154.27) with ESMTP; 07 Feb 2004 02:39:28 -0000
X-Message-Info: QIy1oIULmHf9psVjuRfbFaDqo7ASrGZT
X-Authentication-Warning: server1.open.com.au: majordomo set sender to
owner-radiator at open.com.au using -f
Organization: Open System Consultants
User-Agent: KMail/1.5.4
References: <BAY2-F23ItBx58d4XO500012445 at hotmail.com>
In-Reply-To: <BAY2-F23ItBx58d4XO500012445 at hotmail.com>
Message-Id: <200402071339.27980.mikem at open.com.au>
Precedence: bulk
List-Id: <radiator.list-id.open.com.au>
Return-Path: owner-radiator at open.com.au
X-OriginalArrivalTime: 07 Feb 2004 03:22:09.0938 (UTC)
FILETIME=[923C6720:01C3ED29]
HEllo David,
You probably need to set EAPTLS_MaxFragmentSize
Cheers.
On Sat, 7 Feb 2004 12:15 pm, David Miles wrote:
> I am having some trouble where Radiator (3.6) is sending an
> access-challenge (as part of PEAP) to a Colubris access point, and it is
> failing because the EAP message is too large.
> Checking the conversation, the Framed-MTU is being passed to Radiator,
> however the response if far in excess of Framed-MTU - 4.
>
> Any help would be greatly appreciated,
>
> Cheers,
>
> David Miles
>
> Conversation below:
>
> Code: Access-Request
> Identifier: 222
> Authentic: <238><214>V<194>(<154>Q<238>wjz<6><215>LP<199>
> Attributes:
> Acct-Session-Id = "2e5020f0"
> NAS-Port = 1
> NAS-Port-Type = Wireless-IEEE-802-11
> User-Name = "davidm"
> Calling-Station-Id = "00-40-96-51-97-AC"
> Called-Station-Id = "00-03-52-07-F1-C0"
> EAP-Message = <2><8><0><11><1>davidm
> NAS-Identifier = "M031-00022"
> NAS-IP-Address = 210.54.2.5
> Framed-MTU = 1496
> Connect-Info = "IEEE802.1X"
> Service-Type = Framed-User
> Message-Authenticator =
> EG<176><153><212>D<215><27>x<133><193><193>Jpg$
>
> Code: Access-Challenge
> Identifier: 222
> Authentic: <238><214>V<194>(<154>Q<238>wjz<6><215>LP<199>
> Attributes:
> EAP-Message = <1><9><0><6><25>!
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
>
> Code: Access-Request
> Identifier: 25
> Authentic:
<194><173><216>G<20><29><17>{<139><198><241>o<27><157><168><1>
> Attributes:
> Acct-Session-Id = "2e5020f0"
> NAS-Port = 1
> NAS-Port-Type = Wireless-IEEE-802-11
> User-Name = "davidm"
> Calling-Station-Id = "00-40-96-51-97-AC"
> Called-Station-Id = "00-03-52-07-F1-C0"
> EAP-Message =
>
<2><9><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>@"<237>)L<241><1
>99><251>*<0>
>
<210>Kf<131><21><198><137><176>@(<187><17>7v<248>\<205><190>\<14><254><0><0
>><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
> NAS-Identifier = "M031-00022"
> NAS-IP-Address = 210.54.2.5
> Framed-MTU = 1496
> Connect-Info = "IEEE802.1X"
> Service-Type = Framed-User
> Message-Authenticator =
> ;<211>c<236>V<232><240><30><21><173>w<26><10>Z<131>\
>
>
> Code: Access-Challenge
> Identifier: 25
> Authentic:
<194><173><216>G<20><29><17>{<139><198><241>o<27><157><168><1>
> Attributes:
> EAP-Message =
>
<1><10><8><10><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@"<236><207>
><4>t<227><
>
22>G<175>~<196>U<210>"<171><168><155><159><202><6>s<28><172><245>kY<241><23
>3><219><196><27> <168>X<183>>5<2
>
43><215><15>O<18>823 at 8<27><27><}t}<136>f<15><154><167><28>%<24><8><243>=<0>
><4><0><22><3><1><7><27><11><0><7
>
>
><23><0><7><20><0><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2
> >>0<13><6><9>*<134>H<134><247><13
> >
<1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
> >U<4><8><19><8>Victoria1<18>0<16><
>
> 6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><
> 24>Test Certificate Sec
> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
in
> production)1 0<30><6><9>*<134>H<
>
134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>030227061500Z<2
>3><13>040227061500Z0u1<11>0<9><6
>
>
><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U
> ><4><7><19><9>Melbourne1<24>0<22>
>
> <6><3>U<4><10><19><15>My Test
>
Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13
>>< 6><9>*<134>H<134><247><13><1><1>
> EAP-Message =
>
<1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><245><2
>05><159>@<
>
144><133><177><255>0<165><3><215>cGR<136><231><253>9<193><13><255>m@<220>y^
><160><244><236>Sa'<198>^<231><15
>
8>4<156>"<242>IS<151><30><211>$<142><196>!}R<146><166><129>yh<17><162><207>
><196><0><171>5s<187><229><139>2<
>
250><146><1><187><207><226><203>5<251><178><1><212><178><141><219>O<253><13
>4><213>N|<172>:J<23><173><161><1
>
91><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215><186>x<141><197><212>
>s<145><235>\<164><8>!<2><3><1><0
>
>
><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>
> >0<13><6><9>*<134>H<134><247><13>
>
>
<1><1><4><5><0><3><129><129><0><20>m<159><141><185><184><252><248><201>FM<1
>95>PB(^<127>3<24><136><172><19><
>
211><137><132>EF<170>9<236>^<187><146><253><171><200><183><230><148><142><2
>1>_<9>^<227><10>3<162><186><214> <206><197>Tq<219><4>r<239>?<1><16><203>
> EAP-Message =
>
T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202>u<1
>61><176>F3
>
=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t<196><188><3><195>.%
><19>mD<242><149><237>O<138><193>
>
<0><4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H
><134><247><13><1><1><4><5><0>0<1
>
29><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victor
>ia1<18>0<16><6><3>U<4><7><19><9>
> Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not
> EAP-Message = use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.a
>
u0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0<9><6><3>U
><4><6><19><2>AU1<17>0<15><6><3>U
>
<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3
>>U<4><10><19><21>OSC Demo Certif
> icates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
> productio
> EAP-Message = n)1
>
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><15
>9>0<13
>
>
><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><1
> >29><129><0><193>@h<28><185>'<7><
>
>
254><247>{9<233><245>3S<209>=<173>>c<144>Z<239>?b<150><224><171><219><170><
>170>i<226><251><234>\Jwi<210><14
>
1><249><141><148><224>|<188>V<24><209><8><223>f?<149><172><6><226><18><232>
>1<249><227>$<176>G<164>'Y<193><1
>
60>$n<160>e<153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<
>16><221><6>Pn<9>7<141><197><160>
>
<197><245><155>6<3><172><154>p<230><210>Z<159><149><192>C<255><154><220><14
>9><3>*<156>q<2><3><1><0><1><163>
>
<130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><16
>9>)<152><148>o<139>c<198><6>9\<2
> 49>s<196>0<129><247><6><3>U<29>#<4><129><239>0<129><236><128><20>
> EAP-Message =
>
<180><27><24>R'<27><169>)<152><148>o<139>c<198><6>9\<249>s<196><161><129><2
>08><164><1
>
29><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><1
>9><8>Victoria1<18>0<16><6><3>U<4
>
> ><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> >Certificates1!0<31><6><3>U<4><11><19><24>Test
>
> Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
> production)1 0<30><6><9>*<134>H<134><24
>
7><13><1><9><1><22><17>mikem at open.com.au<130><1><0>0<12><6><3>U<29><19><4><
>5>0<3><1><1><255>0<13><6><9>* EAP-Message =
>
<134>H<134><247><13><1><1><4><5><0><3><129><129><0>A<130>4<253><23>-<13><9>
><9><222>3<
>
19><171>aj<23><187><195>gs<145><194>w<164>1m#<242>t<233><144><146>&g<162><1
>90><234><145>H<159><10>^6IQ<223>
>
<219><193>@><204>b<245><12><6><133><147><132><192>fU<165><197><180>k<136>:<
>8><198><152><165>*%<221><237><18
>
8><23><251><255><172>'n<142>H<25>q<173>t<215><212><221><239><20>FZyd<205><2
>40>Wbd<143><139>q]h<236><127><16
>
>
><143>tA<163>4I<236><230><147><218>><175>B^<130><0>*9<22><3><1><0><220><13>
> ><0><0><212><2><1><2><0><207><0><
>
>
205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8
>>Victoria1<18>0<16><6><3>U<4><7>
> <19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4>
> EAP-Message = <11><19><24>Test Certificate Section1/0-<6><3>U
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> _________________________________________________________________
> Create your own personal Web page with the info you use most, at My MSN.
> http://click.atdmt.com/AVE/go/onm00200364ave/direct/01/
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
_________________________________________________________________
Plan your next US getaway to one of the super destinations here.
http://special.msn.com/local/hotdestinations.armx
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list