InnerAttributes not escaped when transmitted to outter

Alan DeKok aland at deployingradius.com
Tue Jun 2 13:30:35 CEST 2009


Arran Cudbard-Bell wrote:
> Currently attributes in outer.reply are not inserted if:
> 
> 1) You're doing EAP-TTLS-MSCHAPv2

  I set "use_tunneled_reply = yes", and I get the reply attributes
copied from the inner tunnel to the outer tunnel.

  And if I do "update outer.reply" with an attribute, it works for me
with EAP-TTLS-MSCHAPv2.

> 2) The inner sever issued a reject

  Yes... that may be easy to fix.  See ttls.c, look for 'case
PW_AUTHENTICATION_REJECT:'.  And copy the lines above 'if
(t->use_tunneled_reply)...' to that 'case' statement.

  That should work...

> These two cases need to be fixed for predictable behaviour.
> 
> Did you get a chance to look at that patch I sent ?

  Later today.

  Alan DeKok.



More information about the Freeradius-Users mailing list