[RADIATOR] New Error messages

Heikki Vatiainen hvn at open.com.au
Fri Jan 18 17:06:40 CST 2013


On 01/18/2013 10:29 PM, Michael Hulko wrote:

> The changelog for version 4.8 says:
> - Fixed an issue where truncated EAP-Message requests would cause a log
> message like "Could not load EAP module Radius::EAP_" ..... This is now
> logged as invalid EAP type in EAP request and rejected. Reported by
> Daniel Rocha.
> 
> Has this crept back into version 4.10 ??

No, that's a bit different. This fixed the case when EAP-Message was
truncated enough not to have the type field at all.

http://tools.ietf.org/html/rfc3748#section-4.1

With radpwtst you can try this with something like:

% radpwtst -trace 4 -noacct -eaphex 01020005

This has only Code, Identifier and Length (0x01, 0x02 and 0x005
respectively) but no EAP Type such as PEAP, Identity, etc.


What you are seeing is the result of something like this:

% radpwtst -trace 4 -noacct -eaphex 0102000580

EAP type is present (0x80 or 128 in decimal), but since there is no such
EAP module in Radiator, you will get 'Can't locate Radius/EAP_128.pm
...' in the logs.

These are sometimes seen in the logs. The first EAP-Message attribute in
the request should always start with an EAP request or response header that
specifies which EAP method (PEAP, TTLS, Identity, etc.) is in question.
If the message gets mangled, somehow rearranged or possibly split into
multiple messages, this will cause problems. For example, fragmentation
is not supported and any other kind of rearranging the order of
EAP-Message attributes will break the EAP message.

I would not worry about these if there are not too many of them. If it
looks like this warrants debugging, I would try to get full request
dumps and see, e.g., if it's a certain NAS that is the source of the
broken messages.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
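
The two radpwtst cases from the message above, as an added example that is not part of the original post and is not Radiator code: a small Python triage helper that parses the RFC 3748 header of the first EAP-Message and separates "type field missing" from "type present but unknown". The function name, verdict strings and the KNOWN_TYPES subset are assumptions made for illustration; the third sample is constructed.

```python
import struct

# Subset of IANA EAP method types. Which methods a given server build can
# load is an assumption here, not taken from Radiator.
KNOWN_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
               13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def classify_eap(hexstr):
    """Return (verdict, detail) for the first EAP-Message of a request."""
    try:
        data = bytes.fromhex(hexstr)
    except ValueError:
        return ("malformed", "not valid hex")
    if len(data) < 4:
        return ("malformed", "shorter than the 4-byte EAP header")
    # RFC 3748 section 4: Code (1), Identifier (1), Length (2, network order)
    code, ident, length = struct.unpack("!BBH", data[:4])
    if code not in CODES:
        return ("malformed", f"unknown EAP code {code}")
    where = f"{CODES[code]} id={ident} length={length}"
    if code in (3, 4):
        # Success and Failure carry no Type field
        return ("ok", where)
    if len(data) < 5:
        # Header only: the case the 4.8 changelog entry describes
        return ("no-type", f"{where}, type field missing")
    eap_type = data[4]
    if eap_type not in KNOWN_TYPES:
        # Type present but no matching method, e.g. 0x80 = 128
        return ("unknown-type", f"{where}, type {eap_type} (0x{eap_type:02x})")
    return ("ok", f"{where}, type {KNOWN_TYPES[eap_type]}")


if __name__ == "__main__":
    samples = [
        "01020005",          # from the post: Code, Identifier, Length only
        "0102000580",        # from the post: type 0x80, no such method
        "0201000801626f62",  # constructed: Response/Identity "bob"
    ]
    for s in samples:
        print(s, classify_eap(s))
```

Run over the EAP-Message values from full request dumps and grouped by NAS, the verdicts show whether the broken messages come from one source.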

