Hi,

The attached patch allows me to get the post-auth called in
Access-Accept when LEAP is used.  In the rad_authenticate routine from
auth.c returns without going further to call rad_postauth if the called
to rad_check_password returns with RLM_MODULE_HANDLED.  In the
eap_compose routine, the special handling for LEAP returns
RLM_MODULE_HANDLED and therefore, rad_postauth does not get called.  I
changed to RLM_MODULE_OK and tested out and seems to work alright and
post-auth in Access-Accept is getting called in all the EAP types that I
am using including LEAP.

Can someone please check this and make sure that the fix makes sense?

Thanks,
Htin

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Htin Hlaing
> Sent: Friday, June 25, 2004 8:49 AM
> To: [EMAIL PROTECTED]
> Subject: Post-Auth for Access-Accept not called with LEAP
> 
> Hi,
> 
> 
> I have the following set up in my radiusd to get auth results. With
> other EAP types like peap, ttls, etc.  I get Access-Accepts also
logged
> in the reply_log.  For LEAP, I am not getting it.  From debug run, I
> don't see post-auth getting called at all.  How can I fix to get the
> post-auth called for LEAP successful logons. I am using 1.0 pre3
release
> 
> post-auth {
>         #
>         #  If you want to have a log of authentication replies,
>         #  un-comment the following line, and the 'detail reply_log'
> 
>         #  section, above.
>         reply_log
> 
>         #
>         #  Access-Reject packets are sent through the REJECT
sub-section
>         #  of the post-auth section.
>         #
>         Post-Auth-Type REJECT {
>                 reply_log
>         }
> 
> }
> 
> 
> From the debug run:
> Fri Jun 25 08:01:31 2004 : Debug:   modsingle[authenticate]: calling
eap
> (rlm_eap) for request 818
> Fri Jun 25 08:01:31 2004 : Debug:   rlm_eap: Request found, released
> from the list
> Fri Jun 25 08:01:31 2004 : Debug:   rlm_eap: EAP/leap
> Fri Jun 25 08:01:31 2004 : Debug:   rlm_eap: processing type leap
> Fri Jun 25 08:01:31 2004 : Debug:   rlm_eap_leap: Stage 6
> Fri Jun 25 08:01:31 2004 : Debug:   rlm_eap: Freeing handler
> Fri Jun 25 08:01:31 2004 : Debug:   modsingle[authenticate]: returned
> from eap (rlm_eap) for request 818
> Fri Jun 25 08:01:31 2004 : Debug:   modcall[authenticate]: module
"eap"
> returns handled for request 818
> Fri Jun 25 08:01:31 2004 : Debug: modcall: group authenticate returns
> handled for request 818
> Sending Access-Accept of id 24 to 192.168.10.118:1815
>         Reply-Message = "Bourne Supremacy"
>         Cisco-AVPair +=
>
"leap:session-key=\323\277\274\004K\220\216g\312`\342R\370(\231\200nS\20
> 2\376]\335\000\257|^\367=y\350\241e\356b"
>         EAP-Message =
>
0x02050024110100188646b59d02ce73d88f8f37d098ccd25d303f17a18e7425a8646f75
> 67
>         Message-Authenticator = 0x00000000000000000000000000000000
>         User-Name = "doug"
>         Proxy-State = 0x313439
> Fri Jun 25 08:01:31 2004 : Debug: Finished request 818
> Fri Jun 25 08:01:31 2004 : Debug: Going to the next request
> Fri Jun 25 08:01:31 2004 : Debug: Waking up in 6 seconds...
> Fri Jun 25 08:01:37 2004 : Debug: --- Walking the entire request list
> ---
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html
Index: eap.c
===================================================================
RCS file: /home/cvs/ambit2/FreeRadius/radiusd/src/modules/rlm_eap/eap.c,v
retrieving revision 1.3
diff -u -r1.3 eap.c
--- eap.c       22 Jun 2004 17:10:55 -0000      1.3
+++ eap.c       25 Jun 2004 17:24:57 -0000
@@ -551,7 +551,7 @@
        if (!request->reply->code) switch(reply->code) {
        case PW_EAP_RESPONSE:
                request->reply->code = PW_AUTHENTICATION_ACK;
-               rcode = RLM_MODULE_HANDLED; /* leap weirdness */
+               rcode = RLM_MODULE_OK; /* leap weirdness */
                break;
        case PW_EAP_SUCCESS:
                request->reply->code = PW_AUTHENTICATION_ACK;

Reply via email to