Windows Vista doing PEAP - WORKING!!!

Pedro Ribeiro pribeiro-bulk at net.ipl.pt
Wed Nov 29 16:30:25 CET 2006


Hello Alan,

I can confirm it's working now!!!
When I saw the comment in the release notes of Radiator I thought
it was a conditional compilation (#ifdef) flag, thanks for the help!

Tuesday, November 28, 2006, 10:06:11 PM, you wrote:

> Pedro Ribeiro <pribeiro-bulk at net.ipl.pt> wrote:
>> The "Radiator" people are talking about problems with SSL empty
>> fragments handling in Windows Vista ...
>> I've tried to compile FreeRADIUS with
>> SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS but the final result is the same,
>> clients can't connect!

>   i.e. the patch below MAY help.  There is still an issue in the
> FreeRADIUS state machine where it MAY send an empty ACK once the SSL
> tunnel is set up.  Most clients seem to be OK with this, but maybe
> Vista isn't.

>   A solution, I *think* would be to have FreeRADIUS send an EAP
> Identity request inside of the tunneled session for PEAP, as soon as
> the session is established.  This should work with third-party
> supplicants, and may allow Vista to work, too.

>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog



> Index: src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
> ===================================================================
> RCS file:
> /source/radiusd/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c,v
> retrieving revision 1.21.4.11
> diff -u -r1.21.4.11 rlm_eap_tls.c
> --- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 26 Oct 2006 17:13:04 -0000      1.21.4.11
> +++ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c	28 Nov 2006 22:04:44 -0000
> @@ -368,7 +368,7 @@
>          *      time needed during negotiation, but it is not very
>          *      large.
>          */
> -       ctx_options |= SSL_OP_SINGLE_DH_USE;
> +       ctx_options |= SSL_OP_SINGLE_DH_USE |
> SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
>         SSL_CTX_set_options(ctx, ctx_options);
>  
>         /*
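
Review bot: On the changed `ctx_options |=` line, `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` is set unconditionally for every client and without documentation. The comment directly above it ends "time needed during negotiation, but it is not very large" and says nothing about empty fragments. This option disables OpenSSL's empty-fragment countermeasure for CBC ciphers in SSL 3.0/TLS 1.0, so it is a workaround for peers that cannot handle those fragments, not a neutral setting. I would put it on its own `ctx_options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;` statement with a comment naming the reason (Windows Vista PEAP clients failing to connect). I would also consider gating it behind a configuration item so that sites without such clients keep the countermeasure.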



-- 
Best regards,

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pedro Ribeiro
IPLNet - Rede de dados e comunicações
Instituto Politécnico de Lisboa (IPL)
Mail: mailto:pribeiro at net.ipl.pt
VoIP: sip:pribeiro at net.ipl.pt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




