[RADIATOR] Bugreport: OTP... PAP

vartiait at open.com.au vartiait at open.com.au
Thu Sep 24 10:21:44 CDT 2015 

Hi,

On Thursday, 24 September, 2015 14:09, "Patrick Honing" <Patrick.Honing at han.nl> said:
> 
> Mon Sep 14 14:15:47 2015: ERR: Could not load EAP module Radius::EAP_: Can't
> locate Radius/EAP_.pm in @INC (@INC contains: .
> /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl
> /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at (eval 103)
> line 3.
> 
> Mon Sep 14 14:15:47 2015: DEBUG: EAP result: 1, Unsupported default EAP
> Response/Identity PAP
> 
> Because PAP was mentioned in the error, we removed (after trying a few dozen other
> things) PAP from out EAPtypes (was there historically and isn’t used
> anymore) as in:
> 
> This fixes the problem with the mac, but keeps me wondering why PAP gives such a
> nasty error..
> 

Thanks for bringing this up! Have to add a check there to prevent Radiator from 
trying to load an EAP class for a non-existing EAP type and log an error for 
wrong/non-supported EAP types in a configuration file :)

PAP is not an EAP type, supported EAP types are MD5, OTP, GTC, TLS, SecurID, LEAP, 
SIM, TTLS, AKA, PEAP, MSCHAP-V2, TNC, FAST, PAX, PSK, AKA-PRIME and PWD.

EAP-TTLS can transport PAP (plain simple RADIUS authentication), CHAP, MSCHAP, MSCHAPv2 (without 
EAP encapsulation) or any EAP method (including EAP-MSCHAPv2).

New Mac OS X 10.11. seems to use EAP-MSCHAPv2 within EAP-TTLS by default, whereas 
old versions used plain PAP or MSCHAPv2.

> All fine.. Testing the Mac went fine so updating our production RADIUS
> servers… But this broke our VDI config:
> 

could you send a trace 4 log file showing OTP challenge and response directly to me 
and I'll look at it?


BR
-- 
Tuure Vartiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list