TIA
From: Mike Saywell <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [PATCH] Re: PEAP authentication very strange problem! PLEASE HELP Date: Fri, 16 Jan 2004 02:25:27 +0000
It took me a while to figure out what was going on here...
Turns out the problem was not as Alan suspected. Seems that a return value got tweaked during a re-structuring of the code.
Anyway here's the (very small) patch:
--- peap.c.orig Fri Jan 16 02:01:45 2004 +++ peap.c Fri Jan 16 02:02:03 2004 @@ -267,7 +267,7 @@ DEBUG2(" PEAP: Tunneled authentication was successful."); t->status = PEAP_STATUS_SENT_TLV_SUCCESS; eappeap_success(handler, tls_session); - rcode = RLM_MODULE_OK; + rcode = RLM_MODULE_HANDLED;
/* * If we've been told to use the attributes from
I only spotted the change when comparing a version I checked out from november which worked ok. I'm not sure if the change was intentional, but reversing it gets PEAP working again for me.
Oh btw has something changed in the configure/makefiles recently? Just that to compile TLS/TTLS support I currently have to run:
./configure --with-openssl-includes=/usr/include/ --with-openssl-libraries=/usr/lib/
It's only started happening recently, perhaps it's something weird in my setup, I'm too tired to care right now ;)
Cheers,
Mike
On Thu, Jan 15, 2004 at 09:37:57AM -0500, matt morris wrote:
> I read a post from a user named Mike Saywell, stating a similar situation
> with you:
>
> >From the RASTLS.log in WinXP:
> "Failing Auth because we got a success/fail without TLV."
>
> The file RASTLS.LOG is the WindowsXP log, obtained by setting the
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASTLS\EnableFileTracing
> flag to 1.
>
> And if you got the same thing from the log, here's the answer to Mike from
> Alan Dekok:
>
> >>Mike Saywell <[EMAIL PROTECTED]> wrote:
> >>I can authenticate with XSupplicant under Linux fine, but Windows fails
> >>apparently with the error "Failing Auth because we got a success/fail
> >>without TLV."
>
> > Hmm... it looks like the PEAP module puts the data into a buffer, to
> >be put into the TLS tunnel, but the tls code never looks for it on
> >success/failure.
>
> >The functions in eap_tls.c, eaptls_success() and eaptls_fail() have
> >to be updated to look a little more like eaptls_request(). i.e. to
> >call record_minus(), etc, to grab the data from the buffer, and put it
> >into the tunnel.
>
> >>In the peap section I've tried various combinations of the
> >>copy_request_to_tunnel and use_tunneled_reply flags to no avail -
> >>including leaving them unspecified.
>
> >That won't work, as the code is just wrong.
>
> >>Hopefully somebody can spot what is probably a silly mis-configuration
> >> on my part!
>
> >Nope.
>
> >PEAP probably works on other systems because they don't look for the
> >"TLV" response code, like they're supposed to. XP does, so it fails
> >when the PEAP module doesn't supply the TLV.
>
> >Alan DeKok.
>
> Hope this helps
>
> >From: [EMAIL PROTECTED]
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: PEAP authentication very strange problem! PLEASE HELP
> >Date: Thu, 15 Jan 2004 09:09:34 +0100 (MET)
> >
> >Anybody knows about this problem...? please help if you have an idea!!!
> >thanks a lot
> >
> >> hello everyone,
> >> I have a very strange problem while I try to do PEAP authentication...
> >> I have successfully made TLS authentication, TTLS also works with
> >secureW2
> >> client, but when I tried to do PEAP authentication, I have a very
> >strange
> >> problem:
> >> I am using a snaphot of freeradius from 2004/01/04 ,my supplicant is
> >> windows XP SP1 with all patch, and when I do PEAP authentication, all is
> >> fine for freeradius : I have an access accept and MPPE received and send
> >> key that are printed out. all seems to be good, my AP (which is cisco
> >ap)
> >> says in the log : "eap authenticated successfull = username ", the same
> >> message that I had when TLS and TTLS worked.
> >> But in the same time, in Windows side, I have already the same message :
> >> "wait for authentication".... and it's not really authenticated because
> >I
> >> can't do a ping or something like that. I dont have the good message :
> >> authentication successfull, which appeared with TLS and TTLS.
> >> But why ??? I really dont understand what is not good here... I think
> >it's
> >> a problem in windows side, don't you think so?? SI it possible ti be a
> >> problem with freeradius or my AP ?? please if someone knows, help me!
> >>
> >> Renaud Garelli
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
>
> _________________________________________________________________
> The new MSN 8: advanced junk mail protection and 2 months FREE*
> http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
