Hi Alan, Thank you. I am able to bring up the eap_teap module from 3.2.x and the client is happy until the first inner TLS. Intermediate Result Success is being shared with each other. But with the vp = fr_pair_find_by_num(request->state,
PW_EAP_TEAP_TLV_IDENTITY, VENDORPEC_FREERADIUS, TAG_ANY);
is being returned null and before the second certificate exchange, server is sending success and so client rejects the authentication saying Unexpected TLV. Where do we set the request->state with the Attr pair to avoid this? For the same reason EAP_TEAP_TLV_IDENTITY is not being sent even for the first Inner tunnel authentication. As per the documentation the TLV is the hint for the client and I believe it may not essential for the connection to establish. Is 3.2.x the right version for eap_teap? Thanks, Suriya On Wed, Aug 16, 2023 at 3:27 PM Alan DeKok <aland@deployingradius.com> wrote:
On Aug 16, 2023, at 4:01 PM, Suriya Shankar <suriya.dshankar@gmail.com> wrote:
I am trying to calculate the Compound MAC for EAP-TEAP. But the description in the rfc 7170 is bit confusing
Very much so.
The short answer is that this list is about FreeRADIUS. If you're implementing an EAP type for another piece of software, there are likely other places to go.
The FreeRADIUS source code for the compound MAC calculation is in src/modules/rlm_eap/types/rlm_eap_teap.
Could any please help me in understanding the Compound MAC calculation or guide me in the right direction
Don't read RFC 7170. It's confusing, and substantially wrong.
Read the updated document, which is soon to be published: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/11/
It's not only clearer, but it's what Microsoft / FreeRADIUS / Cisco / hostap / etc. have all done.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html