Hi,
No problem - figuring out how to do that is one of my prouder accomplishments with Freeradius. :) I run Linux, so I haven't heard of ntradpad, but I'll keep my eyes open. You can start sending EAP-Messages this way to learn how the tools work, but you'll soon see that Freeradius rejects any response with a State that doesn't match the one it sent in the preceding challenge. A little hacking around in a debugger will show you what you need to patch. The example I sent earlier didn't have a State attribute in the input file. To add one for other messages, just add "State=state1" (or whatever value you want) to the attribute list. The State attribute is described in RFC 2865, and EAP-Message and Message-Authenticator are in RFC 2869.


Good luck,
Dave

claufer writes:

Hey Dave,
thanks a lot! Nice thing... worked fine for me so far.
There's a tool called ntradpad (winnt); you can change the request type to send EAP messages with it, but I haven't tried it out yet. I couldn't really follow when it came to the point that RADIUS changes the State attribute, because I don't know exactly what the RADIUS State attributes are and what they do, I can only imagine... but anyway, thanks a lot!
I'll try to get some more information about these State attributes.

regards,
cl


Dave Mason wrote:


Hi,
Here's how I do it. I don't know of a test client that can easily build a RADIUS Access-Request with an EAP-Message - if anybody does please let us know. The radclient program supplied with Freeradius can add an EAP-Message attribute but you have to code it yourself in hex. Here's how I send an EAP/Response/Identity:

$ radclient -f eapRspId.txt -r 1 localhost auth testing

The eapRspId.txt file looks like this:
-------------------
[EMAIL PROTECTED], Message-Authenticator=xxx,
EAP-Message="0x020100210131393230353332323830303230333130407472616e7361742e636f6d"

# EAP-Resp/id=1/type=Identity/[EMAIL PROTECTED]
------------------

I put the comment last because radclient stops as soon as it sees a comment. Another thing to keep in mind: Freeradius will set the RADIUS State attribute in all challenge messages to some random value, but you'll need to use the same value in the State attribute of the response. If you're using hard-coded message files like this, adding a different State value every time would be a pain, so I use a test patch in rlm_eap/state.c that sets State to some known value like "state1", "state2", etc., throughout the challenge sequence, and another in my rlm_eap_<type> to restart back to "state1" when EAP-Success or Failure is sent. You can keep the state number in a global variable. This lets you hard-code the State value in the eapRspXxx.txt message file. I now turn the patch on at compile time with a flag, but someday I'd like to make it configurable in radiusd.conf.

Dave
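
As an added example (not code from this thread or from FreeRADIUS), the following Python builds the hex EAP-Message value for an EAP-Response/Identity and the matching attribute line in the style of eapRspId.txt, so the hex does not have to be coded by hand. The identity `user@example.org`, the use of `User-Name` as the first attribute and all function names are assumptions; it goes slightly beyond the post by splitting packets longer than 253 bytes across several EAP-Message attributes, as RFC 2869 describes.

```python
import struct

EAP_RESPONSE = 2       # EAP Code: Response
EAP_TYPE_IDENTITY = 1  # EAP Type: Identity
MAX_ATTR_VALUE = 253   # largest value a single RADIUS attribute can carry

def eap_response_identity(identifier, identity):
    """Code(1) | Identifier(1) | Length(2, big-endian, whole packet) | Type(1) | data."""
    data = identity.encode("utf-8")
    length = 5 + len(data)
    if not 0 <= identifier <= 255 or length > 0xFFFF:
        raise ValueError("identifier or identity out of range")
    header = struct.pack("!BBHB", EAP_RESPONSE, identifier, length, EAP_TYPE_IDENTITY)
    return header + data

def parse_eap(packet):
    """Decode the header and reject a Length field that disagrees with the bytes."""
    if len(packet) < 4:
        raise ValueError("shorter than an EAP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError(f"Length field {length} != actual size {len(packet)}")
    eap_type = packet[4] if length > 4 else None  # Success/Failure carry no Type
    return {"code": code, "id": identifier, "type": eap_type, "data": packet[5:]}

def radclient_line(user, packet, state=None):
    """Attribute list in the style of eapRspId.txt (User-Name is an assumption).
    Message-Authenticator=xxx is copied from the file shown in the post."""
    attrs = [f"User-Name={user}", "Message-Authenticator=xxx"]
    if state is not None:
        # Must equal the State sent in the preceding Access-Challenge.
        attrs.append(f"State={state}")
    for i in range(0, len(packet), MAX_ATTR_VALUE):
        chunk = packet[i:i + MAX_ATTR_VALUE]
        attrs.append(f'EAP-Message="0x{chunk.hex()}"')
    return ", ".join(attrs)

if __name__ == "__main__":
    pkt = eap_response_identity(1, "user@example.org")  # constructed identity
    print(parse_eap(pkt))
    print(radclient_line("user@example.org", pkt, state="state1"))
```
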






