3.0.13: Receive - Bad packet from host 127.0.0.1: Packet contains EAP-Message and non-EAP authentication attribute

Wegener, Norbert norbert.wegener at atos.net
Tue Mar 7 15:16:22 CET 2017 

With a basic installation, only "bob" in the users file actived I got
Success up to 3.0.12, and no answer in 3.0.13.
Is this expected behavior?

3.0.12 with success first:
./radtest  -t eap-md5 bob hello 127.0.0.1:1812 0 testing123 1 127.0.0.1
Loading input data...
Read 1 element(s) from input: stdin
Loaded: 1 input element(s).
Adding new socket: src: 0.0.0.0:0, dst: 127.0.0.1:1812
Added new socket: 5 (num sockets: 1)
Transaction: 0, sending packet: 0 (id: 21)...
Sent Access-Request Id 21 from 0.0.0.0:33496 to 127.0.0.1:1812 length 89
	User-Name = "bob"
	User-Password = "hello"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
	Message-Authenticator = 0x00
	EAP-Code = Response
	EAP-Type-Identity = 0x626f62
	Framed-Protocol = PPP
	EAP-Message = 0x0277000801626f62
Transaction: 0, received packet (id: 21).
Received Access-Challenge Id 21 from 127.0.0.1:1812 to 0.0.0.0:33496 length
80
	EAP-Message = 0x017800160410dfbd6f4cbedb8281528f4170d4504b84
	Message-Authenticator = 0xf8d239946a016deddfcaf6f925887969
	State = 0xaa28c811aa50cc1fbbc0ee1ebd59e596
	EAP-Id = 120
	EAP-Code = Request
	EAP-Type-MD5-Challenge = 0x10dfbd6f4cbedb8281528f4170d4504b84
Transaction: 0, sending packet: 1 (id: 174)...
Sent Access-Request Id 174 from 0.0.0.0:33496 to 127.0.0.1:1812 length 121
	User-Name = "bob"
	User-Password = "hello"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
	Message-Authenticator = 0x00
	EAP-Code = Response
	Framed-Protocol = PPP
	EAP-Type-MD5-Challenge = 0x109c7279923d1e2d4f5a86c172fbbd20ea
	EAP-Id = 120
	State = 0xaa28c811aa50cc1fbbc0ee1ebd59e596
	EAP-Message = 0x0278001604109c7279923d1e2d4f5a86c172fbbd20ea
Transaction: 0, received packet (id: 174).
Received Access-Accept Id 174 from 127.0.0.1:1812 to 0.0.0.0:33496 length 49
	EAP-Message = 0x03780004
	Message-Authenticator = 0xa15fd436d0a7546bb8f43a53b08f0f06
	User-Name = "bob"
	EAP-Id = 120
	EAP-Code = Success
Main loop: done.
---------------------------------------

The same request with 3.0.13:
./radtest  -t eap-md5 bob hello 127.0.0.1:1812 0 testing123 1 127.0.0.1
Loading input data...
Read 1 element(s) from input: stdin
Loaded: 1 input element(s).
Adding new socket: src: 0.0.0.0:0, dst: 127.0.0.1:1812
Added new socket: 5 (num sockets: 1)
Transaction: 0, sending packet: 0 (id: 114)...
Sent Access-Request Id 114 from 0.0.0.0:36448 to 127.0.0.1:1812 length 89
	User-Name = "bob"
	User-Password = "hello"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
	Message-Authenticator = 0x00
	EAP-Code = Response
	EAP-Type-Identity = 0x626f62
	Framed-Protocol = PPP
	EAP-Message = 0x0289000801626f62
Timeout for transaction: 0, tries (so far): 1 (max: 3)
Transaction: 0, sending packet: 1 (id: 114)...
Sent Access-Request Id 114 from 0.0.0.0:36448 to 127.0.0.1:1812 length 89
	User-Name = "bob"
	User-Password = "hello"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
	Message-Authenticator = 0x00
	EAP-Code = Response
	EAP-Type-Identity = 0x626f62
	Framed-Protocol = PPP
	EAP-Message = 0x0289000801626f62
Timeout for transaction: 0, tries (so far): 2 (max: 3)
Transaction: 0, sending packet: 2 (id: 114)...
Sent Access-Request Id 114 from 0.0.0.0:36448 to 127.0.0.1:1812 length 89
	User-Name = "bob"
	User-Password = "hello"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
	Message-Authenticator = 0x00
	EAP-Code = Response
	EAP-Type-Identity = 0x626f62
	Framed-Protocol = PPP
	EAP-Message = 0x0289000801626f62
Timeout for transaction: 0, tries (so far): 3 (max: 3)
No response for transaction: 0, giving up
Main loop: done.

Radius -X  in 3.0.13 shows:
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 49870
Listening on proxy address :: port 39694
Ready to process requests
Receive - Bad packet from host 127.0.0.1:  Packet contains EAP-Message and
non-EAP authentication attribute
Ready to process requests



Norbert Wegener

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5725 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20170307/bdd0345c/attachment.bin>

More information about the Freeradius-Devel mailing list