Hello all, I have two EAP related questions when running radiusd: FreeRADIUS Version 0.9.0 running in debug mode -X.
Question 1. RFC 3579 states that "EAP-Start is indicated by sending an EAP-Message attribute with a length of 2 (no data). I interpret this to be the following two bytes '0x49 0x02'. But when I send a packet containing such an attribute to freeradius it does not see it as an EAP start. Below is the packet that was sent to free radius sendwait: Sending rathPacket: 01 01 00 5c 62 72 61 64 6c 65 79 00 00 00 00 00 00 00 00 00 01 10 44 4e 49 53 3a 31 32 33 34 35 36 37 38 39 04 06 01 02 03 04 06 06 00 00 00 0a 1e 0c 30 31 32 33 34 35 36 37 38 39 1f 0c 30 31 32 33 34 35 36 37 38 39 4f 02 50 12 f8 62 e2 00 52 d1 bf 52 c8 0f 34 80 f6 cc b8 cb rad_recv: Access-Request packet from host 10.230.199.211:33118, id=1, length=92 User-Name = "DNIS:123456789" NAS-IP-Address = 1.2.3.4 Service-Type = Call-Check Called-Station-Id = "0123456789" Calling-Station-Id = "0123456789" EAP-Message = 0x Message-Authenticator = 0xf862e20052d1bf52c80f3480f6ccb8cb modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "chap" returns noop rlm_eap: Unknown EAP packet rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "DNIS:123456789", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop users: Matched DNIS:123456789 at 154 modcall[authorize]: module "files" returns ok modcall[authorize]: module "mschap" returns noop modcall: group authorize returns updated rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 1 to 10.230.199.211:33118 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 1 with timestamp 4097bd99 Nothing to do. Sleeping until we see a request. To get around this I send the EAP-Message 0x4f 0x0c 0x01 0xff rlm_eap: EAP packet type identity id 255 length 0 rlm_eap: Got EAP_START message modcall[authorize]: module "eap" returns handled Am I reading the RFC wrong? Question 2. I send the following EAP-Message Radius-Attribute = 0x 4f 0c 02 ff 00 0a 01 68 65 6c 6c 6f This is a EAP-Message with code=Response and Type = Identity, however the debug states that the type is notification. What am I doing wrong? >> rlm_eap: EAP packet type notification id 255 length 10 rad_recv: Access-Request packet from host 10.230.199.211:33118, id=1, length=102 User-Name = "DNIS:123456789" NAS-IP-Address = 1.2.3.4 Service-Type = Call-Check Called-Station-Id = "0123456789" Calling-Station-Id = "0123456789" EAP-Message = 0x02ff000a0168656c6c6f Message-Authenticator = 0x2d0593fd6c29c9bed3b2147ada26d942 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "chap" returns noop rlm_eap: EAP packet type notification id 255 length 10 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "DNIS:123456789", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop users: Matched DNIS:123456789 at 154 modcall[authorize]: module "files" returns ok modcall[authorize]: module "mschap" returns noop modcall: group authorize returns updated rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Delaying request 4 for 1 seconds Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 1 to 10.230.199.211:33118 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 1 with timestamp 4097bec2 Nothing to do. Sleeping until we see a request. My understanding of EAP & Freeradius is limited but getting better. Any help is appreciated. Thanks, Martin Bradley Riverside Tower, Belfast, BT1 3BT - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html