[email protected] wrote:
>
>> No one in London wants to go to Sussex though and from my logs it does
>> not look like anyone from Sussex wants to go to London either ;)
>>
>> If someone gives me something better to use in my RADIUS packets then
>> I'm game. Meanwhile I keep meaning to glue 'exec' and 'fortune'
>> together and see if anyone notices.
>
> I've been having a look at such packets on the national proxy and wonder
> if it's because people are just blamming a reply-message in at a wrong
> stage...eg during Auth? would a default entry in use users file or
> SQL group reply table cause such wrongness? most likely.
>
I have an entry in my 'users' file for if people insist on sending their
username without a realm, or mix inner/outer domains, <insert other
braindead-ness>. It's more for me whilst looking through my SQL logs,
however I also slip into my Reply-Message a comment if the authentication
attempt was against a test (non-production use) account.

> crack-pipe question of the day:
>
> could reply messages be used with some smart server-end code to provide
> a data communication channel? ie user A has code that attempts to use EAP
> with special username coding...the remote server is designed
> to throw responses in EAP messages...which the modified supplicant
> on the client can then extract? this could tunnel traffic through
> an 802.1X restricted network? in fact, is the inner EAP traffic limited
> at all? once the authentication outer layer is started I should be
> able to just keep throwing data back/forward through that tube?
>
Alternatively the 'smart server-end' could just send an Access-Accept :)

Cheers

-- 
Alexander Clouter
.sigmonster says: Available while quantities last.

