Hi Alan, I am using a debugged version of our SecureW2 Client v2.0.0 and I am seeing the double EAP-Mesage just after decryption so that means it must have been sent by the FreeRadius server. Even the MAC checks out.
You are right about the incorrectly flushed buffer as the "second" misterious EAP-MEssage was the EAP-MEssage previously sent by the Freeradius. You are saying the Aegis Client did not pick this up? I can get the SecureW2 v2.0.0 client to work but then I need to ignore the incorrect padding... The reason I am trying this all out is that i have succesfully set up the following connection using "another" radius server: Windows credentials <---------------------------------------------------> EAP-MSCHAPV2 <-----------------------------------------------> EAP-TTLS <--------------------------------> Client --------------------AP ----- TTLS Radius server ---- IAS --- Active Directory By doing this I can now do a single sign on using the MS 802.1X Client, but then with TTLS and not the PEAP client ;) I want to do the same with freeradius as this is another radius server frequently used by our customers. Regards, Tom. > -----Original Message----- > From: Alan DeKok [mailto:[EMAIL PROTECTED] > Sent: Monday, March 08, 2004 10:58 PM > To: [EMAIL PROTECTED] > Subject: Re: EAP-TTLS-EAP-* > > > "Tom Rixom" <[EMAIL PROTECTED]> wrote: > > I checked and the AVP Diameter padding in the last MSCHAPV2 > packet is = > > incorrect. > > That's bad. Very bad. > > > As you can see if you split the Diameter message up into > sequences of 4 = > > bytes as specified by the RFC the last 2 00 00 are incorrect. > > What's worse is that there are 2 EAP-Message attributes in it. I'm > not sure that this is necessary, and they look wrong to me. > > So my next question is: Do you see these on the wireless client end, > or are they also printed out in the FreeRADIUS debug log? Knowing > that will help narrow down the problem. > > e.g. Is it because a "tunnel data buffer" isn't flushed properly, > and the same data sent twice, or is the vp2diameter code wrong? > > Alan Dekok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
