On Thu, Feb 14, 2013 at 4:18 PM, Alan DeKok <aland@deployingradius.com> wrote:
Phil Mayers wrote:
Does anyone know if there's known-good test data we can compare against, or a client/application that validates it? Does eapol_test implement/check it?
It doesn't seem to.
If someone has a packet trace from ACS, that should be enough.
I'm about to add this to eapol_test: http://w1.fi/cgit/hostap/commit/?h=pending&id=b1e268afbc36c6605ec74e13b1ee98... ('eapol_test: Check EAP-Key-Name'). However, while implementing that, I could not find where the format used by FreeRADIUS for EAP-Key-Name ("0x<hexstring>") is defined. RFC 4072 defined EAP-Key-Name AVP as an OctetString and allocated a RADIUS attribute type 102 for it. RFC 5247 has a pointer to that with an indication that it can be used with RADIUS. draft-ietf-radext-ieee802ext-12 calls this a "string" field (with RFC 2865 meaning of string being binary data). As such, I would have expected to receive binary data, not a text string that has "0x" prefix followed by a hexstring encoding of that binary data. Where does this hex format come from? ACS? Please also note that draft-ietf-radext-ieee802ext-12 adds this: "In addition, the RADIUS server SHOULD include this Attribute in an Access-Accept or CoA-Request only if an EAP-Key-Name Attribute was present in the Access-Request." which does not match the current FreeRADIUS behavior. - Jouni