Re: FR2 - proxying inner tunnel

2008-02-18 Thread Alan DeKok
Dmitry Sergienko wrote: Please give me some tips how/where to fix this issue. I'm somewhat lost while debugging this EAP stuff with tunnelling and proxying ;) It's rather complicated after a while. I'm not sure how it can be easily debugged... Alan DeKok.

Re: FR2 - proxying inner tunnel

2008-02-18 Thread Dmitry Sergienko
Hi! Alan DeKok wrote: Dmitry Sergienko wrote: Please give me some tips how/where to fix this issue. I'm somewhat lost while debugging this EAP stuff with tunnelling and proxying ;) It's rather complicated after a while. I'm not sure how it can be easily debugged... Added some functions

Re: FR2 - proxying inner tunnel

2008-02-18 Thread Dmitry Sergienko
Hi! Dmitry Sergienko wrote: But during proxying handler->request->packet->src_ipaddr.ipaddr.ip4addr is zero: I'll try to debug deeper and figure out how to fix this correctly (and not to break anything else ;) At last it works. Patch is in attachment. I'm still not sure if this patch

Re: FR2 - proxying inner tunnel

2008-02-18 Thread Alan DeKok
Dmitry Sergienko wrote: At last it works. Patch is in attachment. I'm still not sure if this patch doesn't break anything so please double check it. I'm new to freeradius code. The patch is correct. I've also added a similar patch to ttls.c Thanks. Alan DeKok.

Re: FR2 - proxying inner tunnel

2008-02-17 Thread Dmitry Sergienko
Hi! Alan DeKok wrote: Ah... you're using xsupplicant. It's sending an EAP-MSCHAPv2 ACK to the SUCCESS that the server sends. Apparently this is handled properly when the server isn't proxying. I'm not sure why it isn't handled when the server proxies the request. Please give me some

Re: FR2 - proxying inner tunnel

2008-02-16 Thread Alan DeKok
Dmitry Sergienko wrote: Hi! Both logs of xsupplicant and freeradius are available here (posting here exceeds the limit of 100Kb): Ah... you're using xsupplicant. It's sending an EAP-MSCHAPv2 ACK to the SUCCESS that the server sends. Apparently this is handled properly when the server isn't

Re: FR2 - proxying inner tunnel

2008-02-15 Thread Dmitry Sergienko
Hi! Alan DeKok wrote: Dmitry Sergienko wrote: Config file is the same as default example proxy-inner-tunnel in 2.0.2 release with modified realm name only. I really don't understand. 1) default config Configuration from scratch. on Debian: cd freeradius-server-2.0.2 dpkg-buildpackage

Re: FR2 - proxying inner tunnel

2008-02-14 Thread Dmitry Sergienko
Hi! [EMAIL PROTECTED] wrote: Hi, Tue Feb 12 23:45:21 2008 : Error: Warning: Found 2 auth-types on request for user '[EMAIL PROTECTED]' Tue Feb 12 23:45:21 2008 : Debug: rad_check_password: Auth-Type = Accept, accepting the user whoah. WinXP is very fussy (as should all EAP clients)

Re: FR2 - proxying inner tunnel

2008-02-14 Thread Alan DeKok
Dmitry Sergienko wrote: Config file is the same as default example proxy-inner-tunnel in 2.0.2 release with modified realm name only. I really don't understand. 1) default config 2) edit eap.conf, peap{} section to set proxy_tunneled_request_as_eap = no 3) edit eap.conf, peap{} section

Re: FR2 - proxying inner tunnel

2008-02-13 Thread Alan DeKok
Dmitry Sergienko wrote: Situation gets more clear if eap module is being called in post-proxy section of proxy-inner-tunnel: I've updated the proxy-inner-tunnel example to work. It sends the MS-CHAP2-Success as part of the EAP session. And please don't CC me on messages to the list. I

Re: FR2 - proxying inner tunnel

2008-02-13 Thread A . L . M . Buxey
Hi, Tue Feb 12 23:45:21 2008 : Error: Warning: Found 2 auth-types on request for user '[EMAIL PROTECTED]' Tue Feb 12 23:45:21 2008 : Debug: rad_check_password: Auth-Type = Accept, accepting the user whoah. WinXP is very fussy (as should all EAP clients) about getting a proper EAP

Re: FR2 - proxying inner tunnel

2008-02-12 Thread Dmitry Sergienko
Hi! Situation gets more clear if eap module is being called in post-proxy section of proxy-inner-tunnel: Wed Feb 13 01:31:41 2008 : Debug: +- entering group post-proxy Wed Feb 13 01:31:41 2008 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 7 Wed Feb 13 01:31:41 2008 :

Re: FR2 - proxying inner tunnel

2008-02-12 Thread Dmitry Sergienko
Hi! Alan DeKok wrote: Dmitry Sergienko wrote: Thanks for the tip. successfully_proxied_request() also needs patching: Fixed, thanks. Thanks for committing patches. But I have to return to the question of proxying EAP-PEAP-MS-CHAPv2. I've spent several nights with gdb, radsniff and

Re: FR2 - proxying inner tunnel

2008-02-06 Thread Alan DeKok
Dmitry Sergienko wrote: Thanks for the tip. successfully_proxied_request() also needs patching: Fixed, thanks. The second oddity: when setting proxy_tunneled_request_as_eap = no proxying is not working because no inner MSCHAPv2 request extracted. Debug looks like this: .. Solution is

FR2 - proxying inner tunnel

2008-02-05 Thread Dmitry Sergienko
Hi! Does anyone here have working inner tunnel proxying with freeradius 2.0.x? Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization. Switched to FreeRadius 2.0.1 from 1.1.7. What I need: extract MSCHAPv2 auth from PEAP, proxy auth to external server which knows nothing about EAP.

Re: FR2 - proxying inner tunnel

2008-02-05 Thread Alan DeKok
Dmitry Sergienko wrote: Does anyone here have working inner tunnel proxying with freeradius 2.0.x? Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization. Switched to FreeRadius 2.0.1 from 1.1.7. I think the issue was introduced recently. Try editing src/main/event.c, function

Re: FR2 - proxying inner tunnel

2008-02-05 Thread Dmitry Sergienko
Hi! Alan DeKok wrote: Dmitry Sergienko wrote: Does anyone here have working inner tunnel proxying with freeradius 2.0.x? Still having troubles with doing EAP-PEAP-MSCHAPv2 authorization. Switched to FreeRadius 2.0.1 from 1.1.7. I think the issue was introduced recently. Try editing