Certainly, I'd be glad to test. -Neil
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu

On 5/3/13 12:40 PM, "Heikki Vatiainen" <h...@open.com.au> wrote:

>On 05/02/2013 10:52 PM, Johnson, Neil M wrote:
>
>> I'm trying to get TTLS-EAP-MSCHAPv2 working.
>>
>> I've found that if I have EAPAnonymous set to %0, it does not work.
>
>Hello Neil,
>
>I agree EAPAnonymous %0 seems not to fetch the inner EAP Identity
>correctly. I looked at the code and there's a difference between
>EAP-TTLS vs. PEAP and EAP-FAST here.
>
>> If I set EAPAnonymous to %{User-Name}, it works.
>
>Note that this is the User-Name from the outer request. This may or may
>not be the same as inner EAP Identity.
>
>> The only difference I see is that the username in the [] field is
>> empty when EAPAnonymous %0 is set and is [wlantes...@uiowa.edu] when
>> EAPAnonymous is set to %{User-Name}.
>
>The brackets [] mark the original User-Name before any rewrites and
>other changes. With EAPAnonymous %0 the TTLS code currently sets the
>inner request's User-Name to empty.
>
>There is one difference with EAP-TTLS EAPAnonymous compared to other
>tunneling EAPs. with one exception: if there already is a User-Name,
>this User-Name is not modified. This happens with e.g., EAP-TTLS/PAP.
>
>When you use EAPAnonymous %{User-Name} the inner User-Name gets its
>value from the RADIUS message's (outer request) value.
>
>> Is this expected behavior, or a bug?
>
>I think this is a bug. I can send you a fixed EAP_21.pm if you could
>test it before it gets applied to the patches.
>
>Thanks,
>Heikki
>
>--
>Heikki Vatiainen <h...@open.com.au>
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>NetWare etc.
>_______________________________________________
>radiator mailing list
>radiator@open.com.au
>http://www.open.com.au/mailman/listinfo/radiator