eap-fast: using eap-fast-mschapv2 in anonymous tunnel

Isaac Boukris iboukris at gmail.com
Sat Sep 23 03:05:45 CEST 2017


Hello all,

I've been trying to test eap-fast unauthenticated provisioning (RFC
5422), and was getting mschap errors, for which I think I found a fix
- see attached patch (v3.0x).

With this patch, the mschap authentication stage succeeds using
eapol_test and a tunnel-pac is provisioned (while the first eapol
exchange ends with reject as allowed by the RFC, the subsequent
authentication succeeds using the newly provisioned pac).

My eapol_test config (my server config is almost untouched):
network={
        ssid="eap-fast-test"
        key_mgmt=WPA-EAP
        eap=FAST
        anonymous_identity="FAST-000102030405"
        identity="bob"
        password="hello"
        phase1="fast_provisioning=1"
        pac_file="/local/file"
}

I also tried out the v4.0x branch but encountered some other issues.
First had to add a cast to float when comparing with tls_max_version
(inst->tls_conf->tls_max_version > (float) 1.1), as otherwise:
float x = 1.1; if (x > 1.1) yields true for some reason.

Then however, I get a crash which I can't figure out so far - logs with
back-trace attached.

Thanks,
Isaac B.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-EAP-FAST-Fix-EAP-FAST-MSCHAPv2-in-anonymous-tunnel-v.patch
Type: application/octet-stream
Size: 2979 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170923/5b3730de/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: v4_crash.log
Type: application/octet-stream
Size: 344308 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170923/5b3730de/attachment-0003.obj>
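
The float comparison mentioned in the message, as an added example that is not part of the original post or of the FreeRADIUS source: it shows why a float holding 1.1 compares greater than the double literal 1.1, the cast that evens out the rounding, and an integer-based version check. The function names and the (major << 8) | minor encoding are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Comparison as first written: the literal 1.1 is a double, so the float is
 * promoted, and float(1.1) = 1.10000002384... is above double(1.1). */
int gt_double_literal(float v) { return v > 1.1; }

/* The cast from the message: both sides are rounded to float the same way. */
int gt_float_cast(float v) { return v > (float) 1.1; }

/* Hypothetical alternative: parse "major.minor" into (major << 8) | minor so
 * versions compare as exact integers. Returns -1 on malformed input. */
int parse_version(const char *s)
{
	char *end;
	long major, minor;

	if (!isdigit((unsigned char) *s)) return -1;
	major = strtol(s, &end, 10);
	if (*end != '.' || !isdigit((unsigned char) end[1])) return -1;
	minor = strtol(end + 1, &end, 10);
	if (*end != '\0' || major > 255 || minor > 255) return -1;
	return (int) ((major << 8) | minor);
}

int main(void)
{
	float tls_max_version = 1.1;	/* constructed sample value */

	printf("stored value:      %.20f\n", tls_max_version);
	printf("double literal:    %.20f\n", 1.1);
	printf("v > 1.1          = %d\n", gt_double_literal(tls_max_version));
	printf("v > (float) 1.1  = %d\n", gt_float_cast(tls_max_version));
	printf("\"1.1\" > \"1.1\"    = %d\n",
	       parse_version("1.1") > parse_version("1.1"));
	printf("\"1.2\" > \"1.1\"    = %d\n",
	       parse_version("1.2") > parse_version("1.1"));
	return 0;
}
```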