[RADIATOR] Unsupported EAP Response 26

michael.filz at zv-extern.fraunhofer.de michael.filz at zv-extern.fraunhofer.de
Thu Sep 12 08:36:02 UTC 2019 

On Tue, 2019-09-10 at 19:31 +0300, Heikki Vatiainen wrote:
> On 10/09/2019 18.15, michael.filz at zv-extern.fraunhofer.de wrote:
> 
> > <Handler TunnelledByPEAP=1,EAP-Message=/<REDACTED>/i>
> 
> I recommend changing this to just: <Handler TunnelledByPEAP=1>
> 
> Because PEAP can only carry EAP, the inner request is always built
> with 
> EAP-Message. Based on the log the redacted regexp did not match and
> it 
> fell back to the other Handler. While this allowed the final ack for
> EAP 
> 26 to happen, it is not allowed any longer.
> 
> Thanks,
> Heikki
> 

Addendum: I have compared the section in question between 4.18 and
4.23. It doesn't even seem to be a problem with matching the handler,
but with radiator reacting to it:

========
  4.18
========

Thu Sep 12 10:04:47 2019: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Attributes:
        EAP-Message = <2><11><0><6><26><3>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        NAS-IP-Address = 127.0.0.1
        Calling-Station-Id = "02-00-00-00-00-01"
        User-Name = "<REDACTED>"

Thu Sep 12 10:04:47 2019: DEBUG: Handling request with Handler 'Realm=/<REDACTED>/i', Identifier 'RADIUS_PROXY'
Thu Sep 12 10:04:47 2019: DEBUG:  Deleting session for <REDACTED>, 127.0.0.1,
Thu Sep 12 10:04:47 2019: DEBUG: Handling with Radius::AuthFILE:
Thu Sep 12 10:04:47 2019: DEBUG: Handling with EAP: code 2, 11, 6, 26
Thu Sep 12 10:04:47 2019: DEBUG: Response type 26
Thu Sep 12 10:04:47 2019: DEBUG: EAP Success, elapsed time 0.073696
Thu Sep 12 10:04:47 2019: DEBUG: EAP result: 0,
Thu Sep 12 10:04:47 2019: DEBUG: AuthBy FILE result: ACCEPT,
Thu Sep 12 10:04:47 2019: DEBUG: Access accepted for <REDACTED>
Thu Sep 12 10:04:47 2019: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Accept
Identifier: UNDEF
Attributes:
        MS-MPPE-Send-Key =
        MS-MPPE-Recv-Key =
        EAP-Message = <3><11><0><4>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

========
  4.23
========

Thu Sep 12 10:01:50 2019: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Attributes:
        EAP-Message = <2><11><0><6><26><3>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        NAS-IP-Address = 127.0.0.1
        Calling-Station-Id = "02-00-00-00-00-01"
        User-Name = "<REDACTED>"

Thu Sep 12 10:01:50 2019: DEBUG: Handling request with Handler 'Realm=/<REDACTED>/i', Identifier 'RADIUS_PROXY'
Thu Sep 12 10:01:50 2019: DEBUG: SessINTERNAL: Deleting session for <REDACTED>, 127.0.0.1,
Thu Sep 12 10:01:50 2019: DEBUG: Handling with Radius::AuthFILE:
Thu Sep 12 10:01:50 2019: DEBUG: Handling with EAP: code 2, 11, 6, 26
Thu Sep 12 10:01:50 2019: DEBUG: Response type 26
Thu Sep 12 10:01:50 2019: DEBUG: EAP result: 1, Unsupported EAP Response 26
Thu Sep 12 10:01:50 2019: DEBUG: AuthBy FILE result: REJECT, Unsupported EAP Response 26
Thu Sep 12 10:01:50 2019: INFO: Access rejected for <REDACTED>: Unsupported EAP Response 26
Thu Sep 12 10:01:50 2019: DEBUG: EAP Failure, elapsed time 0.099186
Thu Sep 12 10:01:50 2019: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Reject
Identifier: UNDEF
Attributes:
        Reply-Message = "Request Denied"
        EAP-Message = <4><11><0><4>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Everything appears to be quite the same up to the point where Radiator
starts to handle the Response Type - 4.18 gives a success while 4.23
complains it doesn't know about type 26.
Any ideas?

Greetings,
Michael

More information about the radiator mailing list