inner/outer Tunnel attributes of TTLS/MS-CHAPv2
Hello All, I've an issue with passing attributes from EAP TTLS MS-CHAPv2 to outer: My /etc/raddb/users contains: DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1 User-Name := `%{User-Name}`, Fall-Through = yes And my eap ttls module contains:
copy_request_to_tunnel = yes use_tunneled_reply = yes
The user-name and Tunnel-* are not rewiten/copied to the outer. This isssue is only with MS-CHAP, not PAP. Running version: freeradius-1.0.1-3.RHEL4.5 radius -X : rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 39 modcall: group Auth-Type returns ok for request 39 Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 39 radius_xlat: '/var/log/radius/radacct/127.0.0.1/reply-detail-20080204' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20080204 modcall[post-auth]: module "reply_log" returns ok for request 39 modcall: group post-auth returns ok for request 39 TTLS: Got tunneled reply RADIUS code 2 User-Name := "vmagnin@unil.ch" Tunnel-Type:0 = VLAN Tunnel-Private-Group-Id:0 = "16" Tunnel-Medium-Type:0 = IEEE-802 MS-CHAP2-Success = 0x5b533d31464345343644464444343239353838433043363243464630463638363938363532333336314637 MS-MPPE-Recv-Key = 0xcf199064e5ce16501ad868646e8e7b3c MS-MPPE-Send-Key = 0x053e079625529879fe9f4f1cb9b7ad47 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 TTLS: Got tunneled Access-Accept rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 39 modcall: group Auth-Type returns ok for request 39 Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 39 radius_xlat: '/var/log/radius/radacct/130.223.222.60/reply-detail-20080204' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/130.223.222.60/reply-detail-20080204 modcall[post-auth]: module "reply_log" returns ok for request 39 modcall: group post-auth returns ok for request 39 Sending Access-Accept of id 60 to 130.223.222.60:1645 MS-MPPE-Recv-Key = 0xc9abc77f52aa954231989e3bc26c35b2b6f6578dec2fe6b1bf06e9fb1b75740f MS-MPPE-Send-Key = 0xe940dd6f47a1a7102d876dacf2f36385a5e717f96372d87256b5e6c1c3ba962b EAP-Message = 0x03060004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "anonymous" Finished request 39
Hello Alan, You have right, this version is too old and do not support this feature (I've checked src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c). This version is the one supplied with Redhat Enterprise 4. I'll compile 1.1.7 from source. Regards, Vincent Magnin Alan DeKok <aland@deployingradius.com> a écrit :
Vincent Magnin wrote:
Running version: freeradius-1.0.1-3.RHEL4.5
Why? I'm not sure if the functionality you need is even in 1.0.1. Why not try 2.0.1, or maybe 1.1.7?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Vincent Magnin wrote:
Hello Alan,
You have right, this version is too old and do not support this feature (I've checked src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c).
This version is the one supplied with Redhat Enterprise 4.
I'll compile 1.1.7 from source. Really I would go with 2.01, it's trivial to do this in 2.01, and it's far better in terms of dealing with tunnelled data (separate virtual server).
Regards,
Vincent Magnin
Alan DeKok <aland@deployingradius.com> a écrit :
Vincent Magnin wrote:
Running version: freeradius-1.0.1-3.RHEL4.5
Why? I'm not sure if the functionality you need is even in 1.0.1. Why not try 2.0.1, or maybe 1.1.7?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
Alan DeKok -
Arran Cudbard-Bell -
Vincent Magnin