Re: [RADIATOR] random EAP authentication errors since 4.17

Wed, 30 Nov 2016 07:05:34 -0800 

Hi,

thanks for the quick response!

In the meantime I tried the new EAP_UseState,  didn't fix the problem
but also didn't have any negative effect. Do you recommend to already
use it?

Disabling EAP session resumption seems to have fixed the issue
(EAPTLS_SessionResumption 0).


On 2016-11-30 15:38, Tuure Vartiainen wrote:

Hello,


On 30 Nov 2016, at 16:27, Hartmaier Alexander 
<alexander.hartma...@t-systems.at> wrote:

we have random EAP authentication errors since the upgrade to 4.17.
I figured it might have something to do with the EAP session resumption
changes in 4.17.


interesting, could you please send a trace 5 debug log for few authentication
errors?

I would have to force the errors again by reenabling EAP session
resumption which I'd rather like not to do.



The release notes only mentions to look at EAP.pm regarding required
hook code changes. I guess one should now use $self->getEAPContext($p)
instead of $p->{EAPContext} directly.

The problem is that $self isn't passed to any hook!

I couldn't find an example in the goodies either.

Please advice how to resolve this.


you can call it

$p->{AuthBy}->getEAPContext($p)

but the function is only available when processing $p which has EAP-Message AVP.

So it should be safe to use it in EAP specific hooks like
EAPTLS_CertificateVerifyHook and PostAuthHook in Handler that check for
TunnelledByPEAP=1?

I've changed:

my $context =  $p->{EAPContext};

to:

my $self = $p->{AuthBy};
my $context = ($main::config->{EAP_UseState})
    ? $self->getEAPContextState($p, $code, $type)
    : $self->getEAPContext($p);

as seen in EAP.pm. Should I always call getEAPContext instead? If the
above is required I'd advice to add a method doing that to EAP.pm.
The problem with getEAPContextState is that I don't have $code and $type
in my hook.




BR

Best regards, Alex


*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be 
privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to