Hi,
I'm writing an EAP method for FreeRADIUS and I tested
some error cases last week in order to understand the
FreeRADIUS behavior. I'm asking oneself some questions
about it:
1) When the client doesn't respond, the AP will
dissassociate it 30 seconds after and end the
authentication procedure. During this time, FreeRADIUS
is sleeping… So, I would like to know if there is a
sort of "garbage collector" which frees unfinished
authentications ?
Indeed, the FreeRADIUS server isn't able to know if
the AP has disassociated the client.
2) My EAP module must return 0 or 1 to FreeRADIUS. If
it is 1, it siginifies that there is an EAP Request to
send. I tried to send an EAP Message with the code
equal to 5: FreeRADIUS detected correctly that the EAP
Code was invalid : it sent an Access-Reject but the
included EAP message was corrupted : 0x05050004 !
Why not sending an EAP Failure in this case ?
3) It seems that it's impossible to silently discard a
packet under FreeRADIUS ?
In case of a client bad EAP Response, my EAP method
has to choose between two solutions : discard it
silently or re send the previous EAP Request.
4) I succeeded to modify the EAP Identifier on the
client side, but I didn't arrive in my EAP module. It
seems that FreeRADIUS choses the EAP Identifier by
incrementing by one the previous sent EAP Identifier.
Is it really that ?
Thanks for your help.
Aurelien
Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/
Dialoguez en direct avec vos amis grâce à Yahoo! Messenger !Téléchargez Yahoo!
Messenger sur http://fr.messenger.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
