Hello all, The patch for this problem is now available in the Radiator 3.5 patches area.
Cheers. On Tue, 21 Jan 2003 02:48, Mike McCauley wrote: > ---------- Forwarded Message ---------- > > Subject: Re: (RADIATOR) Problems with Colubris CN3000 > Date: Fri, 17 Jan 2003 19:06:56 -0500 > From: Mike McCauley <[EMAIL PROTECTED]> > To: Hugh Irvine <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Cc: "'engineering'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > > Hello all, > > Vincents patch is exactly the right answer. > We will post a patch in about 2 days. > > Cheers. > > On Thu, 16 Jan 2003 19:36, Hugh Irvine wrote: > > Hello Vincent - > > > > Many thanks for the patch. This is indeed a bug. > > > > Mike will have a patch up on the web site in the next day or so (we > > will post a message to the list). > > > > thanks again > > > > regards > > > > Hugh > > > > > > On Friday, Jan 17, 2003, at 11:29 Australia/Melbourne, Vincent Hua > > > > wrote: > > > Hi, there, > > > > > > I'm assuming all of you are using EAP-MD5 for authentication. We > > > identified > > > the same problem with 3.5. 3.3.1 didn't have the issue. Upon checking > > > out > > > the source code, there was problems with the EAP_4.pm source code. > > > Maybe the > > > programming team can tell us whether this is a blind spot in the > > > design or a > > > failure in architect ? > > > > > > I have the fix here for your reference here. Other auth methods seem > > > to be > > > fine. > > > > > > Good luck! > > > > > > ====================================== > > > Vincent Hua > > > Vice President Operations > > > Power2Roam Technologies Inc. > > > ISG InfoTech Systems Group Inc. > > > 13988 Cambie Road, Suite 313 (2/F) > > > Richmond, BC, V6V 2K4 > > > V: +1 (604) 303 6881 ext. 101 > > > F: +1 (604) 303 6854 > > > W: www.Power2Roam.com www.ISGGroup.com > > > ICQ: 196980 http://wwp.icq.com/196980 > > > > > > > > > =================== > > > # EAP_4.pm > > > # > > > # Module for handling Authentication via EAP type 4 (MD5-Challenge) # > > > # See > > > RFCs 2869 2284 1994 # # Author: Mike McCauley ([EMAIL PROTECTED]) # > > > Copyright (C) 2001 Open System Consultants # $Id: EAP_4.pm,v 1.9 > > > 2002/11/07 > > > 04:10:47 mikem Exp $ > > > > > > package Radius::EAP_4; > > > use strict; > > > > > > ##################################################################### > > > # request > > > # Called by EAP.pm when a request is received for this protocol type > > > sub > > > request { > > > my ($classname, $self, $context, $p, $data) = @_; > > > > > > return ($main::ACCEPT); > > > } > > > > > > ##################################################################### > > > # Called by EAP.pm when an EAP Response/Identity is received sub > > > response_identity { > > > my ($classname, $self, $context, $p) = @_; > > > > > > $context->{md5_challenge} = &Radius::Util::random_string(16); > > > my $message = pack('C a16 a*', > > > 16, # MD5 challenge length > > > $context->{md5_challenge}, > > > $main::hostname); > > > $self->eap_request($p->{rp}, $context, > > > $Radius::EAP::EAP_TYPE_MD5_CHALLENGE, $message); > > > return ($main::CHALLENGE, 'EAP MD5-Challenge'); > > > } > > > > > > ##################################################################### > > > # Called by EAP.pm when an EAP Response (other than Identity) > > > # is received > > > # $id is the id of the received EAP response > > > sub response > > > { > > > my ($classname, $self, $context, $p, $type, $typedata) = @_; > > > > > > # This should be a response to a challenge > > > # we sent previously. The challenge is cached > > > # in the challenges array, indexed by > > > # challenge_id. The response should be the MD5 hash > > > # the challenge_id, the password, the challenge > > > my ($length, $response, $username) = unpack('C a16 a*', $typedata); > > > > > > # OK, now we need the user details to check the password > > > my ($user, $result, $reason) = > > > $self->get_user($context->{identity}, > > > $p); > > > if ($user && $result == $main::ACCEPT) > > > { > > > my $correct_password = $user->get_check->get_attr('User-Password') > > > > > > || $user->get_check->get_attr('Password') ; > > > > > > my $correct_response = Digest::MD5::md5 > > > (chr($context->{this_id}) . > > > $correct_password . $context->{md5_challenge}); > > > > > > if ($correct_response eq $response) > > > { > > > $self->eap_success($p->{rp}, $context); > > > # add extra reply attributes for user <== NEXT > > > LINE IS THE LINE THAT'S MISSING WHICH CAUSES PROBLEM! > > > $self->authoriseUser($user, $p); > > > $self->adjustReply($p); > > > return ($main::ACCEPT); > > > } > > > } > > > $self->eap_failure($p->{rp}, $context); > > > return ($main::REJECT, 'EAP MD5-Challenge failed'); > > > } > > > > > > 1; > > > > > > ===================================================== > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > > > Behalf Of engineering > > > Sent: January 16, 2003 12:50 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: (RADIATOR) Problems with Colubris CN3000 > > > > > > > > > Denis, > > > > > > We are encountering a very similar (if not the same) problem. We are > > > also > > > testing with a Colubris CN3000 and do not see the Colubris-AVPair > > > attributes > > > reaching the CN3000. Our radiator logs do not display the > > > Colubris-AVPair > > > attributes at all. > > > > > > This is for Radiator 3.5. > > > > > > We went back to 3.3.1, and the Colubris-AVPair attributes > > > seem to be getting through. The Radiator logs and the Colubris logs > > > both > > > attest to this. > > > > > > > > > Rodney Ebersole > > > Abbco Inc. > > > phone: (814) 234-9420 > > > eMail: [EMAIL PROTECTED] > > > IM: rebersoleabbcoinc [AIM, MSN, YAHOO] > > > > > > > > > > > > ----- Original Message ----- > > > From: "Denis Beauchemin" <[EMAIL PROTECTED]> > > > To: "Radiator" <[EMAIL PROTECTED]> > > > Sent: Thursday, January 16, 2003 12:01 PM > > > Subject: (RADIATOR) Problems with Colubris CN3000 > > > > > > > > > Hello, > > > > > > We are testing a Colubris CN3000 802.1x wireless access point and are > > > having > > > some problems with it. (see > > > http://www.colubris.com/en/products/public_access/CN3000/ for more > > > info). > > > > > > The biggest one is the HTTP URLs that don't seem to be sent to (or > > > accepted > > > by) the unit. > > > > > > Here is what I have in radius.cfg (I am using Radiator 3.5): <Client > > > 132.210.X.Y> > > > Secret oursecret > > > Identifier colubris > > > </Client> > > > <Handler Client-Identifier=colubris> > > > MaxSessions 1 > > > WtmpFileName %L/wtmp > > > AcctLogFileName %L/accounting > > > # PasswordLogFileName %L/password.log > > > <AuthBy DBFILE> > > > AutoMPPEKeys Yes > > > AddToReply Service-Type = Framed-User,\ > > > MS-MPPE-Encryption-Policy = Encryption-Allowed,\ > > > MS-MPPE-Encryption-Types = Encryption-Any,\ > > > Framed-Protocol = PPP,\ > > > Framed-IP-Netmask = 255.255.255.255,\ > > > Framed-Routing = None,\ > > > Framed-MTU = 1500,\ > > > Colubris-AVPair = > > > "login-url=https://somewhere.USherbrooke.ca:8443/java/colubris/ > > > login.jsp?log > > > inurl=%l",\ > > > Colubris-AVPair = > > > "session-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ > > > session.ht > > > ml",\ > > > Colubris-AVPair = > > > "transport-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ > > > transpor > > > t.html",\ > > > Colubris-AVPair = > > > "fail-page=https://somewhere.USherbrooke.ca:8443/java/colubris/ > > > fail.html",\ > > > Colubris-AVPair = > > > "logo=https://somewhere.USherbrooke.ca:8443/java/colubris/logo.gif",\ > > > Colubris-AVPair = > > > "access-list=carrefour,ACCEPT,tcp,132.210.X.Y,8443",\ > > > Colubris-AVPair = > > > "access-list=carrefour,ACCEPT,tcp,132.210.X.Y,80" > > > Filename %D/usersdb > > > RcryptKey our key > > > </AuthBy> > > > AuthLog Defaut > > > </Handler> > > > > > > This is what I added to dictionary: > > > VENDOR Colubris 8744 > > > VENDORATTR 8744 Colubris-AVPair 0 string > > > ATTRIBUTE Colubris-AVPair 0 string > > > > > > The Colubris-AVPair don't seem to get to the CN3000 when it logs on. > > > > > > Any ideas? I'm pretty sure I made a mistake in one of Radiator's conf > > > files. > > > > > > Thanks! > > > -- > > > Denis Beauchemin, analyste > > > Universit� de Sherbrooke, S.T.I. > > > T: 819.821.8000x2252 F: 819.821.8045 > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > > > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > > > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
![https://somewhere.USherbrooke.ca:8443/java/colubris/logo.gif",\](https://somewhere.USherbrooke.ca:8443/java/colubris/logo.gif",\){kind=link}