[RADIATOR] random EAP authentication errors since 4.17

Heikki Vatiainen hvn at open.com.au
Tue Jan 24 11:57:10 UTC 2017


On 24.1.2017 13.39, Hartmaier Alexander wrote:

> Could you move the storage of reply attributes into the resume context
> to a point after PostAuthHook is called so this isn't required?

I think we'll need to think about an interface for this. This discussion 
has been useful for understanding the custom use cases, so rather than 
moving it, I'd say it's better to provide a documented call or similar to 
do this.

>> The latter is EAP-TTLS and the problem is PEAP/EAP-TLS?
> We don't use EAP-TTLS, only PEAP-TLS and EAP-TLS. EAP-TLS works, also
> resumption, PEAP-TLS doesn't.

Ah, sorry, I read EAP-TLS twice.

> What kind of logs do you need? I could mail you the packet capture as a
> starting point, but we haven't had debugging enabled at that time, just
> log level 3 where no sign of the mentioned request with id 57 can be seen.

A trace 4 log would be best. If you create one, just send it to me 
directly since the list does now allow large attachments.

>> That's a possibility since the adjustment is 40 which seems to be too
>> little since you need 50. We probably need to update this value.
> I see, please document this value in ref.pdf.
> Which formula can be used to calculate this value?

It's not calculated but an estimate that was based on watching how it 
worked with different certificate chains. It's a good idea to get this 
documented.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, 
NetWare etc.

