[RADIATOR] Bad EAP message length xx, EAP length yyy
Heikki Vatiainen
hvn at open.com.au
Tue Feb 12 12:21:19 UTC 2019
On 08/02/2019 16.37, André Da Cunha Araújo De Jesus wrote:
> When testing with various internal smartphones, everything seems to work
> well (I just feel that there are far too many messages, but I don’t
> understand the protocol, might be normal).
TLS based EAP protocols are complicated. One way to get another view of
how the protocols work is to look at RADIUS traffic with Wireshark.
Wireshark can display much of the TLS handshake in detail while Radiator
debug log shows what happens within the TLS tunnel once it's established.
Radiator itself does not implement TLS but uses system libraries,
typically OpenSSL, for handshake, encryption and decryption.
> The problem I get, is when I put the radiator in production, I do get a
> lot of errors between some successes. From devices that I have no access
> to (eduroam).
The error message about bad EAP message length is uncommon. Contents of
EAP-Message look truncated or otherwise mangled. Could it be that there
is something that strips EAP-Message attributes leaving just the last
one, or there's something else that causes broken messages?
This error message should not occur often, at least not repeatedly.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
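
The check suggested in the reply above, as an added example that is not part of the original message and not Radiator's code: concatenate every EAP-Message attribute (type 79, RFC 3579) in a captured RADIUS packet and compare the result with the length field in the EAP header. The function names and the sample packet are constructed for illustration; the sample simulates a hop that keeps only the last EAP-Message attribute.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type for EAP-Message (RFC 3579)

def radius_attributes(packet: bytes):
    """Yield (type, value) for every attribute in a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    (total,) = struct.unpack("!H", packet[2:4])
    if not 20 <= total <= len(packet):
        raise ValueError("RADIUS length field does not fit the datagram")
    pos = 20
    while pos < total:
        if pos + 2 > total:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > total:
            raise ValueError("attribute length runs past the packet")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def check_eap_length(packet: bytes):
    """Return (ok, reassembled_len, eap_header_len) for one RADIUS packet."""
    # All EAP-Message attributes are concatenated in order of appearance.
    eap = b"".join(v for t, v in radius_attributes(packet) if t == EAP_MESSAGE)
    if len(eap) < 4:
        return False, len(eap), None  # too short to hold an EAP header
    _code, _ident, eap_len = struct.unpack("!BBH", eap[:4])
    return eap_len == len(eap), len(eap), eap_len

def build_packet(eap: bytes, keep_last_only: bool = False) -> bytes:
    """Constructed sample Access-Request; hypothetical helper for the demo."""
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    if keep_last_only:  # simulate a hop that drops all but the last attribute
        chunks = chunks[-1:]
    attrs = b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs

# Constructed EAP-Response: code 2, id 5, length 600, type 25 (PEAP), zero payload.
SAMPLE_EAP = struct.pack("!BBHB", 2, 5, 600, 25) + bytes(595)

if __name__ == "__main__":
    for label, stripped in (("intact", False), ("stripped", True)):
        ok, got, want = check_eap_length(build_packet(SAMPLE_EAP, stripped))
        print(f"{label}: ok={ok} reassembled={got} eap_header_length={want}")
```

Running the same comparison on packets captured on each side of a proxy or NAS shows at which hop the EAP-Message attributes stop adding up to the EAP header length.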