Logging ntlm authentication

Garber, Neal Neal.Garber at iberdrolausa.com
Thu Sep 9 05:56:48 CEST 2010


Thread continued from freeradius-users list..

As I mentioned previously, I have the PEAP changes completed to save/retrieve reply attributes on authentication failure.

I've examined the TTLS code and I have a question.  The code to retrieve the saved reply attributes is done in a different place in the authenticate function as compared to the PEAP code.  I'm wondering if this was intentional?  If not, do you see a problem moving this code from the switch on status == EAPTLS_SUCCESS to the switch on rcode == PW_AUTHENTICATION_ACK (which was changed from RLM_MODULE_OK in ttls.c:eapttls_process)?  I would then add similar code to the rcode == PW_AUTHENTICATION_REJECT to retrieve the saved reply attributes.  Alternatively, I could add EAPTLS_FAIL to the switch on status and retrieve the attributes in that block (and then return 0 as it does in the default block).

I'm looking for some advice because I have no way of testing/debugging the TTLS code and I'm concerned about breaking it.  I'm also concerned because the code in the switch on status "returns" on EAPTLS_SUCCESS in rlm_eap_ttls whereas it falls through in rlm_eap_peap to the switch on rcode (TTLS only falls through when status == EAPTLS_OK).

Thanks..