Dmitry Sergienko wrote:
> At last it works. Patch is in attachment.
> I'm still not sure if this patch doesn't break anything so please double
> check it. I'm new to freeradius code.
The patch is correct. I've also added a similar patch to ttls.c
Thanks.
Alan DeKok.
-
List info/subscribe/
Hi!
Dmitry Sergienko wrote:
But during proxying handler->request->packet->src_ipaddr.ipaddr.ip4addr
is zero:
I'll try to debug deeper and figure out how to fix this correctly (and
not to break anything else ;)
At last it works. Patch is in attachment.
I'm still not sure if this patch doe
Hi!
Alan DeKok wrote:
Dmitry Sergienko wrote:
Please give me some tips how/where to fix this issue. I'm somewhat lost
while debugging this EAP stuff with tunnelling and proxying ;)
It's rather complicated after a while. I'm not sure how it can be
easily debugged...
Added some functions t
Dmitry Sergienko wrote:
> Please give me some tips how/where to fix this issue. I'm somewhat lost
> while debugging this EAP stuff with tunnelling and proxying ;)
It's rather complicated after a while. I'm not sure how it can be
easily debugged...
Alan DeKok.
-
List info/subscribe/unsubscrib
Hi!
Alan DeKok wrote:
Ah... you're using xsupplicant. It's sending an EAP-MSCHAPv2 ACK to
the SUCCESS that the server sends. Apparently this is handled properly
when the server isn't proxying. I'm not sure why it isn't handled when
the server proxies the request.
Please give me some tips
Dmitry Sergienko wrote:
> Hi!
> Both logs of xsupplicant and freeradius are available here (posting here
> exceeds the limit of 100Kb):
Ah... you're using xsupplicant. It's sending an EAP-MSCHAPv2 ACK to
the SUCCESS that the server sends. Apparently this is handled properly
when the server isn
Hi!
Alan DeKok wrote:
Dmitry Sergienko wrote:
Config file is the same as default example proxy-inner-tunnel in 2.0.2
release with modified realm name only.
I really don't understand.
1) default config
Configuration from scratch.
on Debian:
cd freeradius-server-2.0.2
dpkg-buildpackage -
Dmitry Sergienko wrote:
> Config file is the same as default example proxy-inner-tunnel in 2.0.2
> release with modified realm name only.
I really don't understand.
1) default config
2) edit eap.conf, peap{} section to set proxy_tunneled_request_as_eap = no
3) edit eap.conf, peap{} sectio
Hi!
[EMAIL PROTECTED] wrote:
Hi,
Tue Feb 12 23:45:21 2008 : Error: Warning: Found 2 auth-types on request
for user '[EMAIL PROTECTED]'
Tue Feb 12 23:45:21 2008 : Debug: rad_check_password: Auth-Type = Accept,
accepting the user
whoah. WinXP is very fussy (as should all EAP clients) abo
Dmitry Sergienko wrote:
> Situation gets more clear if eap module is being called in post-proxy
> section of proxy-inner-tunnel:
I've updated the proxy-inner-tunnel example to work.
It sends the MS-CHAP2-Success as part of the EAP session.
And please don't CC me on messages to the list. I
Hi,
> Tue Feb 12 23:45:21 2008 : Error: Warning: Found 2 auth-types on request
> for user '[EMAIL PROTECTED]'
> Tue Feb 12 23:45:21 2008 : Debug: rad_check_password: Auth-Type = Accept,
> accepting the user
whoah. WinXP is very fussy (as should all EAP clients) about getting a proper
EAP re
Hi!
Situation gets more clear if eap module is being called in post-proxy section of
proxy-inner-tunnel:
Wed Feb 13 01:31:41 2008 : Debug: +- entering group post-proxy
Wed Feb 13 01:31:41 2008 : Debug: modsingle[post-proxy]: calling eap
(rlm_eap) for request 7
Wed Feb 13 01:31:41 2008 : Deb
Hi!
Alan DeKok wrote:
Dmitry Sergienko wrote:
Thanks for the tip.
successfully_proxied_request() also needs patching:
Fixed, thanks.
Thanks for committing patches.
But I have to return to the question of proxying EAP-PEAP-MS-CHAPv2. I've spent several
nights with gdb, radsniff and xsuppl
Dmitry Sergienko wrote:
> Thanks for the tip.
> successfully_proxied_request() also needs patching:
Fixed, thanks.
> The second oddity: when setting "proxy_tunneled_request_as_eap = no"
> proxying is not working because no inner MSCHAPv2 request extracted.
> Debug looks like this:
..
> Solution
Hi!
Alan DeKok wrote:
Dmitry Sergienko wrote:
Does anyone here have working inner tunnel proxying with freeradius 2.0.x?
Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization.
Switched to FreeRadius 2.0.1 from 1.1.7.
I think the issue was introduced recently. Try editing
src/ma
Dmitry Sergienko wrote:
> Does anyone here have working inner tunnel proxying with freeradius 2.0.x?
>
> Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization.
> Switched to FreeRadius 2.0.1 from 1.1.7.
I think the issue was introduced recently. Try editing
src/main/event.c, functio
Hi!
Does anyone here have working inner tunnel proxying with freeradius 2.0.x?
Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization. Switched to
FreeRadius 2.0.1 from 1.1.7.
What I need: extract MSCHAPv2 auth from PEAP, proxy auth to external server
which knows nothing about EAP.
A
17 matches
Mail list logo