Ok, I changed a few things in the code and got it working for inner EAP-MD5.

But EAP-MSCHAPV2 is giving me trouble but I think this is because the EAP-MSCHAPV2 is quite different as it generates its own MPPE keys and so forth which might be screwing up the connection...

All I really want to know is if I am correct in stating that INNER EAP for TTLS is not fully functional in freeradius yet?

Regards,

Tom Rixom

> -----Original Message-----
> From: Tom Rixom
> Sent: Friday, March 05, 2004 1:36 PM
> To: [EMAIL PROTECTED]
> Subject: RE: EAP-TTLS-EAP-*
>
>
> Ok,
>
> I have had a look at the code and as far as I can see the following occurs:
>
> - TTLS handshake successful
> - TTLS tunnels decrypt inner EAP-Identity message
> - EAP-Identity is sent to inner EAP-MD5 Module
> - Inner EAP-MD5 module generates EAP Access-Challenge message
> - The EAP-TTLS module looks at the Access-Challenge and
>   generates a RLM_MODULE_HANDLED return code
> - The EAP-TTLS module looks at the return code, and because
>   RLM_MODULE_HANDLED is not handled
>   it generates an error and the authentication fails...
>
> Does this mean Inner EAP is not supported in EAP-TTLS?
>
> Gr,
>
> Tom Rixom
>
> > -----Original Message-----
> > From: Tom Rixom
> > Sent: Friday, March 05, 2004 11:22 AM
> > To: Freeradius-Users (E-mail)
> > Subject: EAP-TTLS-EAP-*
> >
> >
> > Howdie,
> >
> > I am trying to get EAP-TTLS-EAP-* working... but I keep running into the
> > following with any EAP type within EAP-TTLS.
> >
> > rlm_eap_tls: Length Included
> > eaptls_verify returned 11
> > eaptls_process returned 7
> > rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
> > TTLS: Got tunneled request
> > EAP-Message = 0x0200001701746f6d2e7269786f6d40746573742e636f6d
> > Message-Authenticator = 0x00000000000000000000000000000000
> > FreeRADIUS-Proxied-To = 127.0.0.1
> > TTLS: Got tunneled identity of [EMAIL PROTECTED]
> > TTLS: Setting default EAP type for tunneled EAP session.
> > TTLS: Sending tunneled request
> > EAP-Message = 0x0200001701746f6d2e7269786f6d40746573742e636f6d
> > Message-Authenticator = 0x00000000000000000000000000000000
> > FreeRADIUS-Proxied-To = 127.0.0.1
> > User-Name = "[EMAIL PROTECTED]"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 5
> > modcall[authorize]: module "preprocess" returns ok for request 5
> > modcall[authorize]: module "chap" returns noop for request 5
> > modcall[authorize]: module "mschap" returns noop for request 5
> > rlm_realm: Looking up realm "test.com" for User-Name = "[EMAIL PROTECTED]"
> > rlm_realm: Found realm "test.com"
> > rlm_realm: Adding Stripped-User-Name = "tom.rixom"
> > rlm_realm: Proxying request from user tom.rixom to realm test.com
> > rlm_realm: Adding Realm = "test.com"
> > rlm_realm: Authentication realm is LOCAL.
> > modcall[authorize]: module "suffix" returns noop for request 5
> > rlm_eap: EAP packet type response id 0 length 23
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 5
> > users: Matched tom.rixom at 80
> > modcall[authorize]: module "files" returns ok for request 5
> > modcall: group authorize returns updated for request 5
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 5
> > rlm_eap: EAP Identity
> > rlm_eap: processing type md5
> > rlm_eap_md5: Issuing Challenge
> > modcall[authenticate]: module "eap" returns handled for request 5
> > modcall: group authenticate returns handled for request 5
> > TTLS: Got tunneled reply RADIUS code 11
> > EAP-Message = 0x010100160410450549cc85b2e560a6c7010b8a0d456a
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0xc286e5115c81914c9ae2633ea0b90b4f
> > TTLS: Got tunneled Access-Challenge
> > rlm_eap: Handler failed in EAP/ttls
> > TTLS: Freeing handler for user [EMAIL PROTECTED]
> > rlm_eap: Failed in EAP select
> > modcall[authenticate]: module "eap" returns invalid for request 5
> > modcall: group authenticate returns invalid for request 5
> > auth: Failed to validate the user.
> > Delaying request 5 for 1 seconds
> > Finished request 5
> > Going to the next request
> >
> > I guess this is a config problem...
> >
> > As you can see the rlm_eap_md5 does issue a challenge but when the rlm_eap
> > module takes over it fails without an error message...
> >
> > Has anyone got this working with the Odyssey or Aegis client?
> >
> > Tom Rixom
> >
> > Alfa & Ariss
> > Network Security Solutions
> > www.alfa-ariss.com
> >
> > Lansinkesweg 4-226
> > 7553 AE Hengelo Ov
> > PO Box 960-35
> > 7550 AZ Hengelo Ov
> > The Netherlands
> >
> > Tel: +31 (0)74 2555 636
> > E-mail: [EMAIL PROTECTED]
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
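
Added example, not part of the original message and not FreeRADIUS code: a small Python decoder for the two tunneled EAP-Message values in the debug log above, using the RFC 3748 header layout (code, identifier, length, type) and the MD5-Challenge value-size field. The names decode_eap, TUNNELED_REQUEST and TUNNELED_REPLY are this example's own, and it assumes each packet fits in a single EAP-Message attribute.

```python
import struct

# EAP codes and method types from RFC 3748 / the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 26: "EAP-MSCHAPv2"}

# The two tunneled EAP-Message values, copied from the debug log above.
TUNNELED_REQUEST = "0x0200001701746f6d2e7269786f6d40746573742e636f6d"
TUNNELED_REPLY = "0x010100160410450549cc85b2e560a6c7010b8a0d456a"


def decode_eap(hex_value):
    """Decode one EAP packet given as a FreeRADIUS-style 0x... hex string."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # Assumption: the whole packet sits in one EAP-Message attribute; packets
    # split across several attributes must be concatenated before decoding.
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "id": ident, "length": length}
    if code not in (1, 2):          # Success/Failure carry no type or data
        return pkt
    if length < 5:
        raise ValueError("Request/Response without a type byte")
    eap_type, data = raw[4], raw[5:]
    pkt["type"] = EAP_TYPES.get(eap_type, f"unknown({eap_type})")
    if eap_type == 1:               # Identity: the rest is the identity string
        pkt["identity"] = data.decode("utf-8", errors="replace")
    elif eap_type == 4:             # MD5-Challenge: value-size, value, name
        if not data or data[0] > len(data) - 1:
            raise ValueError("bad MD5-Challenge value-size")
        pkt["challenge"] = data[1:1 + data[0]].hex()
        pkt["name"] = data[1 + data[0]:].decode("utf-8", errors="replace")
    else:
        pkt["data"] = data.hex()
    return pkt


if __name__ == "__main__":
    for label, value in (("request", TUNNELED_REQUEST), ("reply", TUNNELED_REPLY)):
        print(label, decode_eap(value))
```

The first value decodes to a Response/Identity with id 0 and length 23, matching the "rlm_eap: EAP packet type response id 0 length 23" line; the second is the Request/MD5-Challenge that comes back inside the tunneled Access-Challenge (RADIUS code 11).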

