(RADIATOR) bug between 1.620 and 1.675 patchset for inner TTLS auth?

Mike McCauley mikem at open.com.au
Thu Apr 20 16:44:08 CDT 2006


Hi Paul,

Thanks for reporting this issue. It was introduced recently during changes to 
support TNC through TTLS.
We have now fixed that problem and the fix is in the latest patch set.
We apologise for any inconvenience.
Cheers.

On Friday 21 April 2006 00:16, Paul Dekkers wrote:
> Hi there,
>
> I just noticed "ERR: Could not handle an EAP request: Can't call method
> "delete_attr" on an undefined value at
> /usr/local/lib/perl5/site_perl/5.8.7/Radius/Configurable.pm line 517."
> when patch 1.675 (from the top of my head) is applied:
>
> Thu Apr 20 16:07:31 2006: DEBUG: Handling request with Handler
> 'Realm=/guest.showcase.surfnet.nl/i'
> Thu Apr 20 16:07:31 2006: DEBUG:  Deleting session for
> Paul.Dekkers at guest.showcase.surfnet.nl, 10.0.1.1, 255
> Thu Apr 20 16:07:31 2006: DEBUG: Handling with Radius::AuthFILE: SC-GUEST-ID
> Thu Apr 20 16:07:31 2006: DEBUG: Handling with EAP: code 2, 10, 148
> Thu Apr 20 16:07:31 2006: DEBUG: Response type 21
> Thu Apr 20 16:07:31 2006: DEBUG: EAP TTLS data, 3, 10, 9
> Thu Apr 20 16:07:31 2006: DEBUG: EAP TTLS inner authentication request
> for Paul.Dekkers at guest.showcase.surfnet.nl
> Thu Apr 20 16:07:31 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <232>B<165><249>lW<233><12><129>]<4>"<245>D<252><244>
> Attributes:
>         User-Name = "Paul.Dekkers at guest.showcase.surfnet.nl"
>         User-Password = ...
>
> Thu Apr 20 16:07:31 2006: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1, Realm=/guest.showcase.surfnet.nl/i'
> Thu Apr 20 16:07:31 2006: DEBUG:  Deleting session for
> Paul.Dekkers at guest.showcase.surfnet.nl, 10.0.1.1,
> Thu Apr 20 16:07:31 2006: DEBUG: Handling with Radius::AuthFILE: SC-GUEST-ID
> Thu Apr 20 16:07:31 2006: DEBUG: Reading users file /etc/radiator/db/showcase-guest-users
> Thu Apr 20 16:07:31 2006: DEBUG: Radius::AuthFILE looks for match with
> Paul.Dekkers at guest.showcase.surfnet.nl
> [Paul.Dekkers at guest.showcase.surfnet.nl]
> Thu Apr 20 16:07:31 2006: DEBUG: Radius::AuthFILE ACCEPT: :
> Paul.Dekkers at guest.showcase.surfnet.nl
> [Paul.Dekkers at guest.showcase.surfnet.nl]
> Thu Apr 20 16:07:31 2006: DEBUG: AuthBy FILE result: ACCEPT,
> Thu Apr 20 16:07:31 2006: DEBUG: Access accepted for
> Paul.Dekkers at guest.showcase.surfnet.nl
> Thu Apr 20 16:07:31 2006: ERR: Could not handle an EAP request: Can't
> call method "delete_attr" on an undefined value at
> /usr/local/lib/perl5/site_perl/5.8.7/Radius/Configurable.pm line 517.
>
> Thu Apr 20 16:07:31 2006: DEBUG: AuthBy FILE result: REJECT, Could not
> handle an EAP request
> Thu Apr 20 16:07:31 2006: INFO: Access rejected for
> Paul.Dekkers at guest.showcase.surfnet.nl: Could not handle an EAP request
> Thu Apr 20 16:07:31 2006: DEBUG: Packet dump:
> *** Sending to 145.99.219.146 port 1025 ....
> Code:       Access-Reject
> Identifier: 162
> Authentic:  cz<24><142><225>.<196>E<198>w<252><162>@<18><24><27>
> Attributes:
>         Reply-Message = "Request Denied"
>
> As you can see this machine runs perl v5.8.7 on FreeBSD, and the
> following perl modules are installed:
>
> radius# ls /var/db/pkg | grep p5
> p5-Authen-SASL-2.09
> p5-Convert-ASN1-0.19
> p5-DBD-mysql-3.0002
> p5-DBI-1.50
> p5-Digest-1.14
> p5-Digest-HMAC-1.01
> p5-Digest-MD4-1.5
> p5-Digest-MD5-2.36
> p5-Digest-SHA1-2.11
> p5-IO-Socket-SSL-0.97
> p5-MIME-Base64-3.07
> p5-Mail-Sendmail-0.79
> p5-Net-SSLeay-1.30_1
> p5-Socket6-0.19
> p5-Storable-2.15
> p5-URI-1.35
> p5-XML-NamespaceSupport-1.09_1
> p5-XML-SAX-0.13
> p5-perl-ldap-0.33
>
> This does not happen if I install Radiator without patches, and if I
> remember correctly it was running fine with 1.620 as well...
>
> This is the related config, I think:
>
> <AuthBy FILE>
>         Identifier SC-GUEST-ID
>         Filename %D/db/showcase-guest-users
>         Nocache
>         EAPType TTLS, TLS
>                 EAPTLS_CAFile /etc/radiator/cert/surfnet-ca-chain-2017.pem
>                 EAPTLS_CertificateFile /etc/radiator/cert/sn-radius-server-cert.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile /etc/radiator/cert/sn-radius-server-key.pem
>                 EAPTLS_PrivateKeyPassword ...
>         EAPTLS_MaxFragmentSize 512
>         EAPTLS_SessionResumption 0
> #       EAPAnonymous anonymous at guest.showcase.surfnet.nl
>         AutoMPPEKeys
>         StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,User-Name
>         AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:163,User-Name=%u
> </AuthBy>
>
> <Handler TunnelledByTTLS=1, Realm=/guest.showcase.surfnet.nl/i>
> #       RewriteUsername s/^([^@]+).*/$1/
>         AuthBy SC-GUEST-ID
> #       StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID
> #       AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=1:163,User-Name=%u
> </Handler>
>
> <Handler Realm=/guest.showcase.surfnet.nl/i>
>         #RewriteUsername s/^([^@]+).*/$1/
>         AuthBy SC-GUEST-ID
> </Handler>
>
> ... it doesn't seem to like the stripfromreply or something in the inner
> handler?
>
> Regards,
> Paul
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
