(RADIATOR) EAP Framed-MTU Fragment Issues

David Miles imonholiday at hotmail.com
Fri Feb 6 21:28:27 CST 2004


Thanks Mike,

Done and all working.

-d


----Original Message Follows----
From: Mike McCauley <mikem at open.com.au>
To: "David Miles" <imonholiday at hotmail.com>, radiator at open.com.au
Subject: Re: (RADIATOR) EAP Framed-MTU Fragment Issues
Date: Sat, 7 Feb 2004 13:39:27 +1100
MIME-Version: 1.0
Received: from server1.open.com.au ([209.61.182.19]) by mc3-f34.hotmail.com 
with Microsoft SMTPSVC(5.0.2195.6824); Fri, 6 Feb 2004 19:22:09 -0800
Received: (from majordomo at localhost)by server1.open.com.au (8.11.6/8.11.6) 
id i172dWf28262for radiatorzz-list; Fri, 6 Feb 2004 20:39:32 -0600
Received: from open.com.au (adsl-125-86.swiftdsl.com.au [218.214.125.86])by 
server1.open.com.au (8.11.6/8.11.6) with SMTP id i172dUs28259for 
<radiator at open.com.au>; Fri, 6 Feb 2004 20:39:30 -0600
Received: (qmail 2848 invoked from network); 7 Feb 2004 02:39:28 -0000
Received: from zulu.open.com.au (HELO zulu) (203.63.154.29)  by 
xray.open.com.au (203.63.154.27) with ESMTP; 07 Feb 2004 02:39:28 -0000
X-Message-Info: QIy1oIULmHf9psVjuRfbFaDqo7ASrGZT
X-Authentication-Warning: server1.open.com.au: majordomo set sender to 
owner-radiator at open.com.au using -f
Organization: Open System Consultants
User-Agent: KMail/1.5.4
References: <BAY2-F23ItBx58d4XO500012445 at hotmail.com>
In-Reply-To: <BAY2-F23ItBx58d4XO500012445 at hotmail.com>
Message-Id: <200402071339.27980.mikem at open.com.au>
Precedence: bulk
List-Id: <radiator.list-id.open.com.au>
Return-Path: owner-radiator at open.com.au
X-OriginalArrivalTime: 07 Feb 2004 03:22:09.0938 (UTC) 
FILETIME=[923C6720:01C3ED29]

HEllo David,

You probably need to set EAPTLS_MaxFragmentSize

Cheers.

On Sat, 7 Feb 2004 12:15 pm, David Miles wrote:
 > I am having some trouble where Radiator (3.6) is sending an
 > access-challenge (as part of PEAP) to a Colubris access point, and it is
 > failing because the EAP message is too large.
 > Checking the conversation, the Framed-MTU is being passed to Radiator,
 > however the response if far in excess of Framed-MTU - 4.
 >
 > Any help would be greatly appreciated,
 >
 > Cheers,
 >
 > David Miles
 >
 > Conversation below:
 >
 > Code:       Access-Request
 > Identifier: 222
 > Authentic:  <238><214>V<194>(<154>Q<238>wjz<6><215>LP<199>
 > Attributes:
 >         Acct-Session-Id = "2e5020f0"
 >         NAS-Port = 1
 >         NAS-Port-Type = Wireless-IEEE-802-11
 >         User-Name = "davidm"
 >         Calling-Station-Id = "00-40-96-51-97-AC"
 >         Called-Station-Id = "00-03-52-07-F1-C0"
 >         EAP-Message = <2><8><0><11><1>davidm
 >         NAS-Identifier = "M031-00022"
 >         NAS-IP-Address = 210.54.2.5
 >         Framed-MTU = 1496
 >         Connect-Info = "IEEE802.1X"
 >         Service-Type = Framed-User
 >         Message-Authenticator =
 > EG<176><153><212>D<215><27>x<133><193><193>Jpg$
 >
 > Code:       Access-Challenge
 > Identifier: 222
 > Authentic:  <238><214>V<194>(<154>Q<238>wjz<6><215>LP<199>
 > Attributes:
 >         EAP-Message = <1><9><0><6><25>!
 >         Message-Authenticator =
 > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
 >
 >
 > Code:       Access-Request
 > Identifier: 25
 > Authentic:  
<194><173><216>G<20><29><17>{<139><198><241>o<27><157><168><1>
 > Attributes:
 >         Acct-Session-Id = "2e5020f0"
 >         NAS-Port = 1
 >         NAS-Port-Type = Wireless-IEEE-802-11
 >         User-Name = "davidm"
 >         Calling-Station-Id = "00-40-96-51-97-AC"
 >         Called-Station-Id = "00-03-52-07-F1-C0"
 >         EAP-Message =
 > 
<2><9><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>@"<237>)L<241><1
 >99><251>*<0>
 > 
<210>Kf<131><21><198><137><176>@(<187><17>7v<248>\<205><190>\<14><254><0><0
 >><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
 > NAS-Identifier = "M031-00022"
 >         NAS-IP-Address = 210.54.2.5
 >         Framed-MTU = 1496
 >         Connect-Info = "IEEE802.1X"
 >         Service-Type = Framed-User
 >         Message-Authenticator =
 > ;<211>c<236>V<232><240><30><21><173>w<26><10>Z<131>\
 >
 >
 > Code:       Access-Challenge
 > Identifier: 25
 > Authentic:  
<194><173><216>G<20><29><17>{<139><198><241>o<27><157><168><1>
 > Attributes:
 >         EAP-Message =
 > 
<1><10><8><10><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@"<236><207>
 ><4>t<227><
 > 
22>G<175>~<196>U<210>"<171><168><155><159><202><6>s<28><172><245>kY<241><23
 >3><219><196><27> <168>X<183>>5<2
 > 
43><215><15>O<18>823 at 8<27><27><}t}<136>f<15><154><167><28>%<24><8><243>=<0>
 ><4><0><22><3><1><7><27><11><0><7
 >
 > 
 ><23><0><7><20><0><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2
 > >>0<13><6><9>*<134>H<134><247><13
 > > 
<1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
 > >U<4><8><19><8>Victoria1<18>0<16><
 >
 > 6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
 > Certificates1!0<31><6><3>U<4><11><19><
 > 24>Test Certificate Sec
 >         EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use 
in
 > production)1 0<30><6><9>*<134>H<
 > 
134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>030227061500Z<2
 >3><13>040227061500Z0u1<11>0<9><6
 >
 > 
 ><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U
 > ><4><7><19><9>Melbourne1<24>0<22>
 >
 > <6><3>U<4><10><19><15>My Test
 > 
Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13
 >>< 6><9>*<134>H<134><247><13><1><1>
 >         EAP-Message =
 > 
<1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><245><2
 >05><159>@<
 > 
144><133><177><255>0<165><3><215>cGR<136><231><253>9<193><13><255>m@<220>y^
 ><160><244><236>Sa'<198>^<231><15
 > 
8>4<156>"<242>IS<151><30><211>$<142><196>!}R<146><166><129>yh<17><162><207>
 ><196><0><171>5s<187><229><139>2<
 > 
250><146><1><187><207><226><203>5<251><178><1><212><178><141><219>O<253><13
 >4><213>N|<172>:J<23><173><161><1
 > 
91><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215><186>x<141><197><212>
 >s<145><235>\<164><8>!<2><3><1><0
 >
 > 
 ><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>
 > >0<13><6><9>*<134>H<134><247><13>
 >
 > 
<1><1><4><5><0><3><129><129><0><20>m<159><141><185><184><252><248><201>FM<1
 >95>PB(^<127>3<24><136><172><19><
 > 
211><137><132>EF<170>9<236>^<187><146><253><171><200><183><230><148><142><2
 >1>_<9>^<227><10>3<162><186><214> <206><197>Tq<219><4>r<239>?<1><16><203>
 >         EAP-Message =
 > 
T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202>u<1
 >61><176>F3
 > 
=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t<196><188><3><195>.%
 ><19>mD<242><149><237>O<138><193>
 > 
<0><4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H
 ><134><247><13><1><1><4><5><0>0<1
 > 
29><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victor
 >ia1<18>0<16><6><3>U<4><7><19><9>
 > Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
 > Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
 > Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not
 >         EAP-Message = use in production)1
 > 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.a
 > 
u0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0<9><6><3>U
 ><4><6><19><2>AU1<17>0<15><6><3>U
 > 
<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3
 >>U<4><10><19><21>OSC Demo Certif
 > icates1!0<31><6><3>U<4><11><19><24>Test Certificate
 > Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
 > productio
 >         EAP-Message = n)1
 > 
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><15
 >9>0<13
 >
 > 
 ><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><1
 > >29><129><0><193>@h<28><185>'<7><
 >
 > 
254><247>{9<233><245>3S<209>=<173>>c<144>Z<239>?b<150><224><171><219><170><
 >170>i<226><251><234>\Jwi<210><14
 > 
1><249><141><148><224>|<188>V<24><209><8><223>f?<149><172><6><226><18><232>
 >1<249><227>$<176>G<164>'Y<193><1
 > 
60>$n<160>e<153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<
 >16><221><6>Pn<9>7<141><197><160>
 > 
<197><245><155>6<3><172><154>p<230><210>Z<159><149><192>C<255><154><220><14
 >9><3>*<156>q<2><3><1><0><1><163>
 > 
<130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><16
 >9>)<152><148>o<139>c<198><6>9\<2
 > 49>s<196>0<129><247><6><3>U<29>#<4><129><239>0<129><236><128><20>
 >         EAP-Message =
 > 
<180><27><24>R'<27><169>)<152><148>o<139>c<198><6>9\<249>s<196><161><129><2
 >08><164><1
 > 
29><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><1
 >9><8>Victoria1<18>0<16><6><3>U<4
 >
 > ><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
 > >Certificates1!0<31><6><3>U<4><11><19><24>Test
 >
 > Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
 > production)1 0<30><6><9>*<134>H<134><24
 > 
7><13><1><9><1><22><17>mikem at open.com.au<130><1><0>0<12><6><3>U<29><19><4><
 >5>0<3><1><1><255>0<13><6><9>* EAP-Message =
 > 
<134>H<134><247><13><1><1><4><5><0><3><129><129><0>A<130>4<253><23>-<13><9>
 ><9><222>3<
 > 
19><171>aj<23><187><195>gs<145><194>w<164>1m#<242>t<233><144><146>&g<162><1
 >90><234><145>H<159><10>^6IQ<223>
 > 
<219><193>@><204>b<245><12><6><133><147><132><192>fU<165><197><180>k<136>:<
 >8><198><152><165>*%<221><237><18
 > 
8><23><251><255><172>'n<142>H<25>q<173>t<215><212><221><239><20>FZyd<205><2
 >40>Wbd<143><139>q]h<236><127><16
 >
 > 
 ><143>tA<163>4I<236><230><147><218>><175>B^<130><0>*9<22><3><1><0><220><13>
 > ><0><0><212><2><1><2><0><207><0><
 >
 > 
205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8
 >>Victoria1<18>0<16><6><3>U<4><7>
 > <19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
 > Certificates1!0<31><6><3>U<4>
 >         EAP-Message = <11><19><24>Test Certificate Section1/0-<6><3>U
 >         Message-Authenticator =
 > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
 >
 > _________________________________________________________________
 > Create your own personal Web page with the info you use most, at My MSN.
 > http://click.atdmt.com/AVE/go/onm00200364ave/direct/01/
 >
 > ===
 > Archive at http://www.open.com.au/archives/radiator/
 > Announcements on radiator-announce at open.com.au
 > To unsubscribe, email 'majordomo at open.com.au' with
 > 'unsubscribe radiator' in the body of the message.

--
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

_________________________________________________________________
Plan your next US getaway to one of the super destinations here. 
http://special.msn.com/local/hotdestinations.armx

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list