[RADIATOR] Radiator Version 4.11 released

Heikki Vatiainen hvn at open.com.au
Fri Dec 14 07:08:44 CST 2012


On 12/14/2012 02:01 PM, Jethro R Binks wrote:
> On Fri, 14 Dec 2012, Mike McCauley wrote:
> 
>> Improvements to PEAP support for Windows failing to work when PEAP fast 
>> reconnect was enabled. EAP Extension TLV/Success is now exchanged over 
>> TLS tunnel between the server and client before sending final 
>> Access-Accept.
> 
> This is interesting; is there any more information about this fix and if 
> the fault is something I would likely have experienced?

Before this change when the PEAP client did successful fast reconnect
using TLS session resumption, Radiator returned final Accept-Accept
immediately. The Windows native client did not like this and instead
wanted to see the success inside TLS tunnel first. The symptom was PEAP
succeeding first when full authentication was done with the client
hanging during reauthentication when it tried to do fast reconnect.

The EAP clients in e.g., Android and Apple devices did not require the
tunneled success, and they were able to do fast reauthentication even
without this change.

If your Radiator configuration currently has fast reconnect disabled
with 'EAPTLS_SessionResumption 0' you should be able to comment this out
or switch from 0 to 1 to allow fast reconnect.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list