Bjarni Hardarson wrote:
> Hi list!
> 
> Recently upgraded from 1.1.3 to 1.1.4 to support EAP-PEAP for Windows 
> Vista clients. That works fine but now I got problems with missing reply 
> attributes for Mac OSX clients using EAP-TTLS.
> 
> FreeRADIUS sends an Access-Challenge with the correct attributes but 
> they are missing from the final Access-Accept.

  Please try the attached patch.  If it works, I'll add it to 1.1.5.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
? src/modules/rlm_eap/radeapclient
Index: src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h
===================================================================
RCS file: /source/radiusd/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h,v
retrieving revision 1.5.4.1
diff -u -r1.5.4.1 eap_ttls.h
--- src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h   6 Feb 2006 16:23:57 
-0000       1.5.4.1
+++ src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h   16 Feb 2007 08:33:25 
-0000
@@ -27,6 +27,7 @@
 typedef struct ttls_tunnel_t {
        VALUE_PAIR      *username;
        VALUE_PAIR      *state;
+       VALUE_PAIR      *reply;
        int             authenticated;
        int             default_eap_type;
        int             copy_request_to_tunnel;
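Review bot: The new `reply` member of `ttls_tunnel_t` has no comment saying what it holds or who owns it, unlike a plain pointer that is only borrowed. The ttls.c hunks move a whole attribute list into it, so the struct now owns memory that must be released when the tunnel state is destroyed. I would document it in place, for example `VALUE_PAIR *reply; /* reply attributes saved at MS-CHAP2-Success; owned by the tunnel until merged into the final Access-Accept */`. The struct definition continues past the end of this hunk, and the allocation and free paths for it are not visible in the patch.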
Index: src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c,v
retrieving revision 1.17.2.2.2.3
diff -u -r1.17.2.2.2.3 ttls.c
--- src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c       18 Oct 2006 21:49:47 
-0000      1.17.2.2.2.3
+++ src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c       16 Feb 2007 08:33:25 
-0000
@@ -611,6 +611,9 @@
                        DEBUG2("  TTLS: Got MS-CHAP2-Success, tunneling it to 
the client in a challenge.");
                        rcode = RLM_MODULE_HANDLED;
                        t->authenticated = TRUE;
+                       
+                       t->reply = reply->vps;
+                       reply->vps = NULL;
                } else { /* no MS-CHAP2-Success */
                        /*
                         *      Can only have EAP-Message if there's
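Review bot: The assignment `t->reply = reply->vps;` overwrites whatever `t->reply` already pointed to, and nothing visible in this patch initialises or frees that field. A second MS-CHAP2-Success on the same tunnel would leak the first list. The `if (!t->reply)` test in the later ttls.c hunk also relies on the struct having been zeroed at allocation. The list is saved even when `t->use_tunneled_reply` is off, in which case the saved attributes appear never to be consumed. I would guard it, e.g. `if (t->use_tunneled_reply) { pairfree(&t->reply); t->reply = reply->vps; reply->vps = NULL; }`, and release `t->reply` wherever the tunnel data is torn down. The enclosing function starts and ends outside this hunk.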
@@ -643,8 +646,13 @@
                 */
                if (t->use_tunneled_reply) {
                        pairdelete(&reply->vps, PW_PROXY_STATE);
-                       pairadd(&request->reply->vps, reply->vps);
-                       reply->vps = NULL;
+
+                       if (!t->reply) {
+                               pairadd(&request->reply->vps, reply->vps);
+                               reply->vps = NULL;
+                       } else {
+                               pairadd(&request->reply->vps, reply->vps);
+                       }
                }
                break;
 
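Review bot: Both branches of `if (!t->reply)` call `pairadd(&request->reply->vps, reply->vps)`, so the list saved in `t->reply` by the earlier ttls.c hunk is never merged into the Access-Accept here. The else branch also leaves `reply->vps` pointing at a list that `request->reply` now links to, which risks a double free or use-after-free if the caller later frees `reply` (the caller is not visible, so this is inferred). The else branch probably meant to hand over the saved list, `pairadd(&request->reply->vps, t->reply); t->reply = NULL;`, while still clearing `reply->vps` after any list that is moved. These reply attributes usually carry the session's authorization data, so it is worth a test that each appears exactly once in the final Access-Accept for both EAP-TTLS inner methods. The surrounding switch case starts outside the hunk.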