Hi,
The attached patch allows me to get the post-auth called in
Access-Accept when LEAP is used. In the rad_authenticate routine from
auth.c returns without going further to call rad_postauth if the called
to rad_check_password returns with RLM_MODULE_HANDLED. In the
eap_compose routine, the special handling for LEAP returns
RLM_MODULE_HANDLED and therefore, rad_postauth does not get called. I
changed to RLM_MODULE_OK and tested out and seems to work alright and
post-auth in Access-Accept is getting called in all the EAP types that I
am using including LEAP.
Can someone please check this and make sure that the fix makes sense?
Thanks,
Htin
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Htin Hlaing
> Sent: Friday, June 25, 2004 8:49 AM
> To: [EMAIL PROTECTED]
> Subject: Post-Auth for Access-Accept not called with LEAP
>
> Hi,
>
>
> I have the following set up in my radiusd to get auth results. With
> other EAP types like peap, ttls, etc. I get Access-Accepts also
logged
> in the reply_log. For LEAP, I am not getting it. From debug run, I
> don't see post-auth getting called at all. How can I fix to get the
> post-auth called for LEAP successful logons. I am using 1.0 pre3
release
>
> post-auth {
> #
> # If you want to have a log of authentication replies,
> # un-comment the following line, and the 'detail reply_log'
>
> # section, above.
> reply_log
>
> #
> # Access-Reject packets are sent through the REJECT
sub-section
> # of the post-auth section.
> #
> Post-Auth-Type REJECT {
> reply_log
> }
>
> }
>
>
> From the debug run:
> Fri Jun 25 08:01:31 2004 : Debug: modsingle[authenticate]: calling
eap
> (rlm_eap) for request 818
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap: Request found, released
> from the list
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap: EAP/leap
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap: processing type leap
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap_leap: Stage 6
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap: Freeing handler
> Fri Jun 25 08:01:31 2004 : Debug: modsingle[authenticate]: returned
> from eap (rlm_eap) for request 818
> Fri Jun 25 08:01:31 2004 : Debug: modcall[authenticate]: module
"eap"
> returns handled for request 818
> Fri Jun 25 08:01:31 2004 : Debug: modcall: group authenticate returns
> handled for request 818
> Sending Access-Accept of id 24 to 192.168.10.118:1815
> Reply-Message = "Bourne Supremacy"
> Cisco-AVPair +=
>
"leap:session-key=\323\277\274\004K\220\216g\312`\342R\370(\231\200nS\20
> 2\376]\335\000\257|^\367=y\350\241e\356b"
> EAP-Message =
>
0x02050024110100188646b59d02ce73d88f8f37d098ccd25d303f17a18e7425a8646f75
> 67
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "doug"
> Proxy-State = 0x313439
> Fri Jun 25 08:01:31 2004 : Debug: Finished request 818
> Fri Jun 25 08:01:31 2004 : Debug: Going to the next request
> Fri Jun 25 08:01:31 2004 : Debug: Waking up in 6 seconds...
> Fri Jun 25 08:01:37 2004 : Debug: --- Walking the entire request list
> ---
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html
Index: eap.c
===================================================================
RCS file: /home/cvs/ambit2/FreeRadius/radiusd/src/modules/rlm_eap/eap.c,v
retrieving revision 1.3
diff -u -r1.3 eap.c
--- eap.c 22 Jun 2004 17:10:55 -0000 1.3
+++ eap.c 25 Jun 2004 17:24:57 -0000
@@ -551,7 +551,7 @@
if (!request->reply->code) switch(reply->code) {
case PW_EAP_RESPONSE:
request->reply->code = PW_AUTHENTICATION_ACK;
- rcode = RLM_MODULE_HANDLED; /* leap weirdness */
+ rcode = RLM_MODULE_OK; /* leap weirdness */
break;
case PW_EAP_SUCCESS:
request->reply->code = PW_AUTHENTICATION_ACK;
