[RADIATOR] Issue with TTLS-EAP-MSCHAPv2 and EAPAnonymous

Johnson, Neil M neil-johnson at uiowa.edu
Fri May 3 14:05:19 CDT 2013


Certainly, I'd be glad to test.

-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-johnson at uiowa.edu






On 5/3/13 12:40 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:

>On 05/02/2013 10:52 PM, Johnson, Neil M wrote:
>
>> I'm trying to get TTLS-EAP-MSCHAPv2 working.
>> 
>> I've found that if I have EAPAnonymous set to %0, it does not work.
>
>Hello Neil,
>
>I agree EAPAnonymous %0 seems not to fetch the inner EAP Identity
>correctly. I looked at the code and there's a difference between
>EAP-TTLS vs. PEAP and EAP-FAST here.
>
>> If I set EAPAnonymous to %{User-Name}, it works.
>
>Note that this is the User-Name from the outer request. This may or may
>not be the same as inner EAP Identity.
>
>> The only difference I see is that the username in the [] field is
>> empty when EAPAnonymous %0 is set and is [wlantest02 at uiowa.edu] when
>> EAPAnonymous is set to %{User-Name}.
>
>The brackets [] mark the original User-Name before any rewrites and
>other changes. With EAPAnonymous %0 the TTLS code currently sets the
>inner request's User-Name to empty.
>
>There is one difference with EAP-TTLS EAPAnonymous compared to other
>tunneling EAPs, with one exception: if there already is a User-Name,
>this User-Name is not modified. This happens with e.g., EAP-TTLS/PAP.
>
>When you use EAPAnonymous %{User-Name} the inner User-Name gets its
>value from the RADIUS message's (outer request) value.
>
>> Is this expected behavior, or a bug ?
>
>I think this is a bug. I can send you a fixed EAP_21.pm if you could
>test it before it gets applied to the patches.
>
>Thanks,
>Heikki
>
>-- 
>Heikki Vatiainen <hvn at open.com.au>
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>NetWare etc.
>_______________________________________________
>radiator mailing list
>radiator at open.com.au
>http://www.open.com.au/mailman/listinfo/radiator


