On 08/02/2019 16.37, André Da Cunha Araújo De Jesus wrote:
When testing with various internal smartphones, everything seems to work well (I just feel that there are many too many messages, but I don’t understand the protocol, might be normal).
TLS based EAP protocls are complicated. One way to get another view of how the protocols work is to look RADIUS traffic with Wireshark. Wireshark can display much of the TLS handshake in detail while Radiator debug log shows what happens within the TLS tunnel once it's established.
Radiator itself does not implement TLS but uses system libraries, typically OpenSSL, for handshake, encryption and decryption.
The problem I get, is when I put the radiator in production, I do get a lot of errors between some successes. From devices that I have no access (eduroam).
The error message about bad EAP message length is uncommon. Contents of EAP-Message look truncated or otherwise mangled. Could it be that there is something that strips EAP-Message attributes leaving just the last one, or there's something else that causes broken messages?
This error message should not be often, at least not repeatedly. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc. _______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
