bug report

Joao Marcelo Ceron ceron at tche.br
Mon Jun 26 02:19:03 CEST 2006


Hello,

We have tested 802.1X with eap/ttls/mschapv2 using freeradius. Everything
works fine with Cisco, but when we tested the solution with
Extreme Networks products (Alpine3804 and summit48si) the solution did
not work as expected.

Apparently, the problem is a different RFC interpretation. The EAP
implemented in freeradius makes an unnecessary check on the handler->identity
variable. So we built a patch for freeradius (only taking off some
lines ;-). Please consider that change for the next version.


Joao Marcelo Ceron Leandro Bertholdo






+++ eap.patch.c Sun Jun 25 21:04:58 2006
@@ -1046,13 +1046,18 @@
                         *      request as the NAS is doing something
                         *      funny.
                        */
-                       if (strncmp(handler->identity, vp->strvalue,
-                                  MAX_STRING_LEN) != 0) {
-                               radlog(L_ERR, "rlm_eap: Identity does 
not match User-Name.  Authentication failed.");
-                               free(*eap_packet_p);
-                               *eap_packet_p = NULL;
-                               return NULL;
-                       }
+
+                       //  Commented here <Leandro Bertholdo/Joao 
Marcelo Ceron>
+
+                       //  Changed by <Leandro Bertholdo/Joao Marcelo 
Ceron>
+                        /* if (strncmp(handler->identity, vp->strvalue,
+                         *     MAX_STRING_LEN) != 0) {
+                         *     radlog(L_ERR, "rlm_eap: Identity does 
not match User-Name.  Authentication failed.");
+                         *     free(*eap_packet_p);
+                         *     *eap_packet_p = NULL;
+                         *      return NULL;
+                         *}
+                         */
               }
        } else {                /* packet was EAP identity */
                handler = eap_handler_alloc();
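
Review bot: The commented-out strncmp(handler->identity, vp->strvalue, MAX_STRING_LEN) block at -1046 drops the rejection for a continuing request whose User-Name no longer matches the identity stored in the handler, and it drops the radlog(L_ERR, ...) call with it, so the mismatch is now accepted silently for every NAS, not only the Extreme ones. I would suggest keeping the comparison and making the rejection conditional (for example on a module option that defaults to the current behaviour), or at minimum keeping the log line so the mismatch stays visible to operators. Please also delete the lines outright instead of leaving them inside a /* */ block with // attribution comments, and update the comment just above ("the NAS is doing something funny"), which now describes a check that no longer runs.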
@@ -1101,14 +1106,17 @@
                         *      identity, the NAS is doing something
                         *      funny, so reject the request.
                        */
-                       if (strncmp(handler->identity, vp->strvalue,
-                                  MAX_STRING_LEN) != 0) {
-                               radlog(L_ERR, "rlm_eap: Identity does 
not match User-Name, setting from EAP Identity.");
-                               free(*eap_packet_p);
-                               *eap_packet_p = NULL;
-                               eap_handler_free(handler);
-                               return NULL;
-                       }
+
+                       //  Changed by <Leandro Bertholdo/Joao Marcelo 
Ceron>
+                        /* if (strncmp(handler->identity, vp->strvalue,
+                         *        MAX_STRING_LEN) != 0) {
+                         *     radlog(L_ERR, "rlm_eap: Identity does 
not match User-Name, setting from EAP Identity.");
+                         *     free(*eap_packet_p);
+                         *     *eap_packet_p = NULL;
+                         *      eap_handler_free(handler);
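
Review bot: In the identity-packet path at -1101 the removed branch logged "Identity does not match User-Name, setting from EAP Identity." but actually rejected the request; with the block commented out neither the reject nor any "setting" happens, so the handler proceeds with a User-Name and an EAP identity that may differ and nothing records it. Please decide which behaviour is intended here and state it in the comment above the block, which still says "reject the request". Separately, the hunk as posted cannot be applied: the radlog string is wrapped onto a line with no +/- prefix, and the text ends at eap_handler_free(handler) with the /* comment still open, short of the 17 lines the @@ header announces. Resending the patch as an attachment would avoid both.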






