Uns Sent from my iPhone
On 31 Aug 2014, at 13:00, freeradius-users-request@lists.freeradius.org wrote:
Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Not able to receive inner identity in Access-Accept in EAP-TTLS. (Axel Luttgens) 2. EAP-MD5: Access-Accept packet in debug log messages (Axel Luttgens)
----------------------------------------------------------------------
Message: 1 Date: Sun, 31 Aug 2014 11:23:03 +0200 From: Axel Luttgens <axel.luttgens@skynet.be> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: Not able to receive inner identity in Access-Accept in EAP-TTLS. Message-ID: <049C2F78-6B5A-46FC-BFC5-8C1E8295B251@skynet.be> Content-Type: text/plain; charset=iso-8859-1
Le 30 ao?t 2014 ? 18:28, Axel Luttgens a ?crit :
Le 30 ao?t 2014 ? 16:38, Alan DeKok a ?crit :
Alan DeKok wrote:
Unfortunately, that is how it works. If you read the debug output,
I've updated the example inner-tunnel example,
Yes, I noticed that this morning. :-)
More exactly, I only had seen the next to last change while writing the above. But the current comment appears to be exactly the one I would have dreamed to write myself. ;-)
Perhaps could it be worth to enhance the description of use_tunneled_reply as well? With the current comment, use_tunneled_reply could be understood as a way to convey the inner User-Name only; but, unless I'm wrong, any attribute, even a private one, is liable to be brought to the outer session. Moreover, the mechanism activated by that setting probably deserves a better emphasis; in particular, I'm thinking at its protocol-awareness you have described in a previous message.
Regards, Axel
------------------------------
Message: 2 Date: Sun, 31 Aug 2014 11:56:28 +0200 From: Axel Luttgens <axel.luttgens@skynet.be> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: EAP-MD5: Access-Accept packet in debug log messages Message-ID: <97A82F0C-B772-4AD0-AF0C-286603F962D2@skynet.be> Content-Type: text/plain; charset=us-ascii
Hello,
While confronting my config attempts with various scenarios, I noticed that the Message-Authenticator seems to always be displayed as a sequence of null bytes:
(1) Sending Access-Accept packet to host 127.0.0.1 port 60546, id=174, length=0 (1) EAP-Message = 0x03ad0004 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) User-Name = 'bob' Sending Access-Accept Id 174 from 127.0.0.1:1812 to 127.0.0.1:60546 EAP-Message = 0x03ad0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = 'bob'
BTW, out of curiosity, attribute User-Name appears to be unconditionally added to the Acces-Accept packet; is this common practice?
Axel
------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 112, Issue 84 *************************************************