Windows Vista doing PEAP

Dourty, Brian R. (IATS) DourtyB at missouri.edu
Mon Oct 23 21:47:50 CEST 2006 

Got this patch to work with 1.1.3 without seg faulting... I've sent Alan
the debug output.

Can download it here:
http://bengal.missouri.edu/~dourtyb/freeradius/vista.patch

Index: src/modules/rlm_eap/rlm_eap.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_eap/rlm_eap.c,v
retrieving revision 1.26.2.1.2.1
diff -u -r1.26.2.1.2.1 rlm_eap.c
--- src/modules/rlm_eap/rlm_eap.c       6 Feb 2006 16:23:52 -0000
1.26.2.1.2.1
+++ src/modules/rlm_eap/rlm_eap.c       18 Oct 2006 21:15:45 -0000
@@ -338,6 +338,7 @@
         *      We are done, wrap the EAP-request in RADIUS to send
         *      with all other required radius attributes
         */
+       DEBUG2("VISTA[%s:%d]: here",  __func__, __LINE__);
        rcode = eap_compose(handler);
 
        /*
@@ -515,6 +516,7 @@
                 *      We are done, wrap the EAP-request in RADIUS to
send
                 *      with all other required radius attributes
                 */
+               DEBUG2("VISTA[%s:%d]: here",  __func__, __LINE__);
                rcode = eap_compose(handler);
 
                /*
Index: src/modules/rlm_eap/eap.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_eap/eap.c,v
retrieving revision 1.52.4.1
diff -u -r1.52.4.1 eap.c
--- src/modules/rlm_eap/eap.c   6 Feb 2006 16:23:49 -0000       1.52.4.1
+++ src/modules/rlm_eap/eap.c   18 Oct 2006 21:15:45 -0000
@@ -1,4 +1,4 @@
-/*
+ /*
  * eap.c    rfc2284 & rfc2869 implementation
  *
  * Version:     $Id: eap.c,v 1.52.4.1 2006/02/06 16:23:49 nbk Exp $
@@ -382,7 +382,10 @@
        eap_packet_t    *hdr;
        uint16_t total_length = 0;
 
-       if (reply == NULL) return EAP_INVALID;
+       if (reply == NULL) {
+         DEBUG2("VISTA[%s:%d]: eap_wireformat invalid",  __func__,
__LINE__);
+         return EAP_INVALID;
+       }
 
        total_length = EAP_HEADER_LEN;
        if (reply->code < 3) {
@@ -469,6 +472,8 @@
                 *      mentioned restriction.
                 */
                reply->id = handler->eap_ds->response->id;
+               DEBUG2("VISTA[%s:%d]: reply->id %d", __func__, __LINE__,
reply->id);
+               DEBUG2("VISTA[%s:%d]: reply->code %d",  __func__,
__LINE__,reply->code);
 
                switch (reply->code) {
                        /*
@@ -506,16 +511,20 @@
         *      that the TTLS and PEAP modules can call it to do most
         *      of their dirty work.
         */
+       DEBUG2("VISTA[%s:%d]: eap->request->code %d",  __func__,
__LINE__, eap_ds->request->code);
+       DEBUG2("VISTA[%s:%d]: eap->request->type.type %d",  __func__,
__LINE__, eap_ds->request->type.type);
+       DEBUG2("VISTA[%s:%d]: handler->eap_type %d",  __func__,
__LINE__, handler->eap_type);
+
        if (((eap_ds->request->code == PW_EAP_REQUEST) ||
             (eap_ds->request->code == PW_EAP_RESPONSE)) &&
            (eap_ds->request->type.type == 0)) {
                rad_assert(handler->eap_type >= PW_EAP_MD5);
                rad_assert(handler->eap_type <= PW_EAP_MAX_TYPES);
+               DEBUG2("VISTA[%s:%d]: Setting EAP type",  __func__,
__LINE__);
 
                eap_ds->request->type.type = handler->eap_type;
        }
 
-
        if (eap_wireformat(reply) == EAP_INVALID) {
                return RLM_MODULE_INVALID;
        }
@@ -598,6 +607,8 @@
                break;
        }
 
+       DEBUG2("VISTA[%s:%d]: rcode %d", __func__, __LINE__, rcode);
+
        return rcode;
 }



> -----Original Message-----
> From: freeradius-users-
> bounces+dourtyb=missouri.edu at lists.freeradius.org [mailto:freeradius-
> users-bounces+dourtyb=missouri.edu at lists.freeradius.org] On Behalf Of
> Phil Mayers
> Sent: Friday, October 20, 2006 6:42 PM
> To: FreeRadius users mailing list
> Subject: Re: Windows Vista doing PEAP
> 
> Josh Howlett wrote:
> >>   Again, I have no idea why it's core dumping.  It shouldn't be.  I
> >> don't have Vista, and I can't debug this issue myself.  It's up to
> you.
> >
> > Sorry - I've come late to this thread. Do we have a general problem
> with
> > Vista failing to authenticate against FR, or is this just one
> instance
> > failing, and we know of other instances where it is working?
> 
> It's a general problem.
> 
> Sadly the "netsh ras set tracing * enable" thing seems not to be
> present
> or work under the vista RCs we've looked at and there was little of
> value in the event logs so the cause is somewhat hard to pin down.
It's
> definitely PEAP (as opposed to EAP-TLS) related.
> 
> Knowing MS they've made a TLV that was previously optional, mandatory,
> or similar. Given the problems seems to be windows-centred, someone
> with
> more windows experience may need to get info from the client as to why
> *it* thinks things are going awry
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list