Re: Why use eap_start() function?

Sun, 12 Jan 2003 23:15:06 -0800 

hi

i'm not sure, i've got your question right but still:


> (Question)
> 1.first, in src/main/rlm_eap/rlm_eap.c : eap_authorize() comment says
>    /*
>     * For EAP_START, send Access-Challenge with EAP Identity request.
>     * even when we have to proxy this request
>     */
>   i think eap identify used by AP not radius server.but free radius server recvs 
>eap_response then send eap identify..
> why user eap_start?..it cause all problem...

AP do not have any identities and if they have, supplicant wouldn't
care. it should be definitely the user/machine identity on the
supplicant side.


>  Athentication-Request
>         User-Name = "wilee" <==insert by my AP for test,in case null, result is 
>same..

actually you have always at least two identities, one in the User-Name,
the other in the EAP-Message. AP getting only EAPOL frames on its
(wireless) client interface, should copy the EAP message content into
the RADIUS EAP-Message attribute AND the EAP-identity into the User-Name
attribute. So, both identities should be the same. for as far as i know,
freeradius does not check it for the moment and uses the EAP identity
whatever you write into the User-Name. that's why the result is the
same.

if i understood correctly, you develop 802.1x-AP code. your code should
definitely send the same in both attributes (if you want be completely
sure s. ieee 802.1x draft standard).



ciao
artur






>         Called-Station-Id = "00-d0-b7-b8-9f-99" <==AP MAC
>         Calling-Station-Id = "00-80-ad-7f-17-80" <=XP MAC
>         NAS-Identifier = "172.27.4.2" <=AP IP
>         NAS-IP-Address = 172.27.4.2 <=AP_IP
>         NAS-Port = 1
>         NAS-Port-Type = Ethernet
>         Connect-Info = "100000000" <=speed
>         Service-Type = Authenticate-Only(8)
>         Framed-MTU = 1500
>         State = 0x536174657320636f706965642069662065786973742e69742069732074657374
>         EAP-Message = "\002O"
>         Message-Authenticator = 0xc474dd2b9a5000a0b7ec8b71e044a8fb
> rlm_eap: Got EAP_START message <==it is very important!. eap_start() func call..
> Sending Access-Challenge of id 157 to 172.27.4.2:32769
>         EAP-Message = "\001P\000\005\001"
>         Message-Authenticator = 0x00000000000000000000000000000000
> .+-�w��˛���m��˛���m�zm�����y��v+���?�+-����mml==

-- 
Artur Hecker
artur[at]hecker.info

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to