TTLS AVP and RADIUS value-pairs?
Hello,

I'm trying to make some modifications to tls_handshake_recv(). As I have previously proposed, I'd like to extract the AVPs from the TLS packet and put them into the RADIUS packet. But the AVPs defined in the draft are represented by code-length-value triples (code is a 32-bit integer), whereas the value-pairs of a RADIUS packet are represented by attribute-length-value triples (attribute is a string). I'm confused by this and I wonder if there is any kind of mapping between the code field of an AVP and the attribute field of a value-pair. How can I make a value-pair from the AVP extracted from the TLS packet?

regards,
Zhou Ping
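Added example, not part of the original post and not FreeRADIUS code: a bounds-checked walk over tunnelled AVPs, assuming the Diameter-style layout used by the EAP-TTLS draft (4-byte code, flags byte, 3-byte length, optional vendor id, padding to 4 bytes), under which vendor-less codes 1 to 255 are the RADIUS attribute numbers. The names rad_attr, ttls_avps_to_radius and sample are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical output type: one RADIUS attribute (type, length, value pointer). */
struct rad_attr { uint8_t type; uint8_t len; const uint8_t *val; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk decrypted tunnel data as a sequence of AVPs (assumed layout: code,
 * flags, 24-bit length covering header and data, optional vendor id, data,
 * zero padding). Returns the attribute count, or -1 on malformed input. */
int ttls_avps_to_radius(const uint8_t *buf, size_t len, struct rad_attr *out, int max)
{
    int n = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < 8) return -1;                   /* truncated header */
        uint32_t code  = be32(buf + off);
        uint8_t  flags = buf[off + 4];
        size_t   alen  = be32(buf + off + 4) & 0x00ffffff;
        size_t   hdr   = (flags & 0x80) ? 12 : 8;       /* V bit: vendor id present */
        if (alen < hdr || alen > len - off) return -1;  /* length field lies */
        size_t dlen = alen - hdr;
        /* Only vendor-less codes 1..255 share the RADIUS attribute numbers. */
        if (!(flags & 0x80) && code >= 1 && code <= 255) {
            if (dlen > 253 || n >= max) return -1;      /* RADIUS value limit */
            out[n].type = (uint8_t)code;
            out[n].len  = (uint8_t)dlen;
            out[n].val  = buf + off + hdr;
            n++;
        } else if (flags & 0x40) {
            return -1;       /* M bit set on an AVP this sketch cannot map */
        }
        size_t padded = (alen + 3) & ~(size_t)3;
        off += (padded > len - off) ? len - off : padded; /* tolerate unpadded last AVP */
    }
    return n;
}

/* Constructed sample: User-Name (code 1) "bob", User-Password (code 2) "pass". */
static const uint8_t sample[] = {
    0, 0, 0, 1, 0x40, 0, 0, 11, 'b', 'o', 'b', 0,
    0, 0, 0, 2, 0x40, 0, 0, 12, 'p', 'a', 's', 's',
};

int main(void) { struct rad_attr a[4]; return ttls_avps_to_radius(sample, sizeof sample, a, 4) == 2 ? 0 : 1; }
```

Rejecting on a bad length or an unmapped mandatory AVP, rather than skipping it, keeps attacker-controlled tunnel data from being copied into the RADIUS request half-parsed.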
Re: Implement PEAP part 2 into Freeradius?
I'm working on the TTLS support, which is mostly the same as PEAP. Maybe we can have some discussion. As far as I know, we have to extract the AVPs from the TLS packet, put them into the RADIUS packet, and the next module you configured will handle it.

From: Xiong Lu Ying [EMAIL PROTECTED]
Subject: Implement PEAP part 2 into Freeradius?
Date: Tue, 17 Jun 2003 12:05:52 +0800

Hi, all

I want to implement the PEAP part 2 into freeradius, and the first part of PEAP is successful: freeradius can receive the PEAP part 2 message in the TLS channel and decrypt it to clean data. The problem is, if I want to use another EAP method such as EAP/MD5 which is already in freeradius, how can I call that module? Is anyone doing the same thing? Thank you for your help!

Xiong Lu Ying
Problem when implementing TTLS
Hello,

I have some problems when implementing the TTLS module. According to the draft, the client does not need to have a certificate to authenticate itself, which leads to phase 2 of the protocol. If the client has a proper certificate, then mutual authentication is achieved and there is no need for phase 2. So I think I have to modify the eaptls_ack_handler() to handle the Finished message. But how can I know if the client has already authenticated itself (i.e. it has a certificate)? Maybe I should also modify some of the callback functions?

Thanks for any help.

regards,
Zhou Ping