Current status of freeradius v4

Jan-Frederik Rieckers rieckers+freeradius-devel at uni-bremen.de
Wed Jul 24 20:11:55 CEST 2019



On 24.07.19 19:26, Alan DeKok wrote:
>   If you're running that code, you don't need to manually set the reply packet type.  It should just work.

I've tried these "fixes":

* Leave everything as it is
* Remove the update{} section
* Add the "ok" after the update{}

All of these fixes don't work.

When I run eapol_test, it tells me for the reply
Invalid Message-Authenticator!
Incoming RADIUS packet did not have correct Message-Authenticator - dropped

So it seems to be a problem with message authenticator also?

If it would help, I could try to create a set of docker containers to
replicate my test setup.

Currently this (shoud be|is) the trace of the Radius-Packets:

|------------------------------|
| Test Machine with eapol_test |
|------------------------------|
    | RADIUS
    V
|------------------------------|
| Selfcompiled Freeradius      |
|------------------------------|
    | RADIUS
    V
|----------------------------------|
| Radsecproxy on production server |
|----------------------------------|
    | RADIUS over TLS
    V
|--------------------------------|
| Radsecproxy on my server       |
|   | RADIUS                     |
|   V                            |
| Freeradius 3.0.17 on my server |
|--------------------------------|

So there are a lot of places where it could break, I'll try out for
myself which setups work and which don't.

Jan-Frederik Rieckers



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20190724/4b65466f/attachment.sig>


More information about the Freeradius-Devel mailing list