On 02/14/2014 07:17 PM, Garry Shtern wrote: > I have noticed that if Radiator receives a midstream EAP exchange > message, it responds back with a CHALLENGE.
I would expect something like this with PEAP. ERR: EAP TLS error: -1, 1, 8465, 13062: 1 - error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record Then an Access-Reject is sent back to the client. > I am trying to understand > what exactly happens at this point. Does the Supplicant respond to the > challenge with a brand new exchange or just retransmits whatever packet > it sent before? If it’s the latter, is there any way to force a > supplicant to re-start the negotiation, perhaps with a crafted CHALLENGE? The supplicant probably restarts, but that's only because it got an unexpected response. I most cases I would expect that a midstream EAP message results as a some sort of error on Radiator side. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
