Hello all,
I have two EAP-related questions when running radiusd: FreeRADIUS
Version 0.9.0 running in debug mode -X.
Question 1. RFC 3579 states that "EAP-Start is indicated by sending an
EAP-Message attribute with a length of 2 (no data)". I interpret this to
be the following two bytes '0x49 0x02'. But when I send a packet
containing such an attribute to FreeRADIUS it does not see it as an EAP
start.
Below is the packet that was sent to FreeRADIUS:
sendwait: Sending rathPacket:
01 01 00 5c 62 72 61 64 6c 65 79 00 00 00 00 00 00 00 00 00
01 10 44 4e 49 53 3a 31 32 33 34 35 36 37 38 39 04 06 01 02
03 04 06 06 00 00 00 0a 1e 0c 30 31 32 33 34 35 36 37 38 39
1f 0c 30 31 32 33 34 35 36 37 38 39 4f 02 50 12 f8 62 e2 00
52 d1 bf 52 c8 0f 34 80 f6 cc b8 cb
rad_recv: Access-Request packet from host 10.230.199.211:33118, id=1,
length=92
User-Name = "DNIS:123456789"
NAS-IP-Address = 1.2.3.4
Service-Type = Call-Check
Called-Station-Id = "0123456789"
Calling-Station-Id = "0123456789"
EAP-Message = 0x
Message-Authenticator = 0xf862e20052d1bf52c80f3480f6ccb8cb
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: Unknown EAP packet
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "DNIS:123456789", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DNIS:123456789 at 154
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns updated
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 1 to 10.230.199.211:33118
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 1 with timestamp 4097bd99
Nothing to do. Sleeping until we see a request.
To get around this I send the EAP-Message
0x4f 0x0c 0x01 0xff
rlm_eap: EAP packet type identity id 255 length 0
rlm_eap: Got EAP_START message
modcall[authorize]: module "eap" returns handled
Am I reading the RFC wrong?
Question 2.
I send the following EAP-Message
Radius-Attribute = 0x 4f 0c 02 ff 00 0a 01 68 65 6c 6c 6f
This is an EAP-Message with code=Response and Type = Identity; however,
the debug states that the type is notification. What am I doing wrong?
>> rlm_eap: EAP packet type notification id 255 length 10
rad_recv: Access-Request packet from host 10.230.199.211:33118, id=1,
length=102
User-Name = "DNIS:123456789"
NAS-IP-Address = 1.2.3.4
Service-Type = Call-Check
Called-Station-Id = "0123456789"
Calling-Station-Id = "0123456789"
EAP-Message = 0x02ff000a0168656c6c6f
Message-Authenticator = 0x2d0593fd6c29c9bed3b2147ada26d942
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP packet type notification id 255 length 10
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "DNIS:123456789", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DNIS:123456789 at 154
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns updated
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 1 to 10.230.199.211:33118
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 1 with timestamp 4097bec2
Nothing to do. Sleeping until we see a request.
My understanding of EAP & FreeRADIUS is limited but getting better.
Any help is appreciated.
Thanks,
Martin Bradley
Riverside Tower,
Belfast,
BT1 3BT
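
Added example, not part of the original message and not FreeRADIUS code: a small Python decoder for the RADIUS attribute layout and the EAP header (code, identifier, 2-byte length, type), run over the bytes quoted in the message. The function names are assumptions made for this illustration; an empty EAP-Message value is reported as EAP-Start, following the RFC 3579 sentence quoted above.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

def parse_attributes(buf):
    """Split a RADIUS attribute area into (type, value) pairs."""
    attrs, off = [], 0
    while off < len(buf):
        # Length counts the type and length octets, so 2 means "no data".
        if off + 2 > len(buf) or buf[off + 1] < 2 or off + buf[off + 1] > len(buf):
            raise ValueError("attribute at offset %d: bad or truncated length" % off)
        atype, alen = buf[off], buf[off + 1]
        attrs.append((atype, buf[off + 2:off + alen]))
        off += alen
    return attrs

def parse_packet(pkt):
    """Parse the 20-byte RADIUS header, then the attributes after it."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("header length %d does not fit packet" % length)
    return code, ident, parse_attributes(pkt[20:length])

def decode_eap(value):
    """Decode an EAP-Message value (attribute type 79 / 0x4f)."""
    if not value:
        return {"kind": "EAP-Start"}
    if len(value) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", value[:4])
    if not 4 <= length <= len(value):
        raise ValueError("EAP length %d does not fit value" % length)
    out = {"kind": EAP_CODES.get(code, "Unknown"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type
        out.update(type=EAP_TYPES.get(value[4], value[4]), data=value[5:length])
    return out

# Bytes copied from the first packet dump and the Question 2 attribute above.
PACKET_1 = bytes.fromhex(
    "01 01 00 5c 62 72 61 64 6c 65 79 00 00 00 00 00 00 00 00 00 "
    "01 10 44 4e 49 53 3a 31 32 33 34 35 36 37 38 39 04 06 01 02 "
    "03 04 06 06 00 00 00 0a 1e 0c 30 31 32 33 34 35 36 37 38 39 "
    "1f 0c 30 31 32 33 34 35 36 37 38 39 4f 02 50 12 f8 62 e2 00 "
    "52 d1 bf 52 c8 0f 34 80 f6 cc b8 cb")
ATTR_2 = bytes.fromhex("4f 0c 02 ff 00 0a 01 68 65 6c 6c 6f")
```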