Proxying PEAP inner as MS-CHAP broken

Phil Mayers p.mayers at imperial.ac.uk
Thu Apr 14 13:22:10 CEST 2011


On 14/04/11 12:07, Phil Mayers wrote:
> On 13/04/11 16:22, Alan DeKok wrote:
>> Phil Mayers wrote:
>>> Actually, I was just testing this and proxying the inner EAP-MSCHAPv2 as
>>> plain MS-CHAPv2 seems to be broken, at least in my testing. It doesn't
>>> crash the server, but equally it doesn't pass the S=XXX success back
>>> correctly either, so the client does a PEAP reject.
>>
>> Hmm... OK.
>
> Ok; the problem seems to be that mschap_postproxy is never run, because
> the "eap" module in the inner-tunnel is returning NOOP. AFAICT this can
> only happen if "request->proxy_reply == NULL", but I don't see how that
> can be.

The attached patch seems to fix it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: proxy-mschap.patch.gz
Type: application/x-gzip
Size: 358 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110414/c628dd86/attachment.bin>

