Since you seem to know something about this, can you either:
A) Explain what the extended key oid nonsense is?
B) Point me to some place I can read about it?
http://www.freeradius.org/doc/
See the EAP-TLS stuff.
Microsoft requires magic stuff in the server certificate,
Eliot, Wireless and Server Administrator,
Great Lakes Internet [EMAIL PROTECTED] wrote:
I am proxying the packets from the Cisco through the FreeRADIUS server
to the IAS server. EAP messages are exchanged between the supplicant and
the IAS server; the Cisco AP and FreeRADIUS server do
Is the message authenticator attribute properly implemented in
FreeRADIUS? I see this in the code:
/*
* EAP-Message is always associated with
* Message-Authenticator but not vice-versa.
*
* Don't add a Message-Authenticator if it's already
* there.
*/
vp = pairfind
Eliot, Wireless and Server Administrator,
Great Lakes Internet [EMAIL PROTECTED] wrote:
Is the message authenticator attribute properly implemented in
FreeRADIUS?
Huh? Would you expect the answer to be no?
This indicates that anytime it adds a Message-Authenticator attribute
@lists.freeradius.org
Subject: Message-Authenticator Attribute
Is the message authenticator attribute properly implemented in
FreeRADIUS? I see this in the code:
/*
* EAP-Message is always associated with
* Message-Authenticator but not vice-versa.
*
* Don't add a Message
I read a post from a long time ago about putting the
attribute (set to any value) in the response list, but that does not
seem to work (unless I did it wrong):
/etc/raddb/preproxy_users:
DEFAULT
Message-Authenticator = 1
You're adding it to the proxied packet. Read the
Eliot, Wireless and Server Administrator,
Great Lakes Internet [EMAIL PROTECTED]
Correct me if I'm
wrong, but EAP should be doing Message-Authenticator stuff without me
needing to tell it to add the attribute, right?
Yes.
Since you seem to know something about this, can you
7 matches
Mail list logo
