Arnnei Speiser arnnei at
Tue Apr 3 13:31:35 CEST 2007

Hi all,

I'm trying to configure the Radius to recognize some personal attributes for
the Authentication request and receiving them back to the client.

Any idea how I can do that.



-----Original Message-----
From: at
[ at]
On Behalf Of freeradius-devel-request at
Sent: Tuesday, April 03, 2007 1:00 PM
To: freeradius-devel at
Subject: Freeradius-Devel Digest, Vol 24, Issue 2

Send Freeradius-Devel mailing list submissions to
	freeradius-devel at

To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to
	freeradius-devel-request at

You can reach the person managing the list at
	freeradius-devel-owner at

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Freeradius-Devel digest..."

Today's Topics:

   1. Re: EAP-AKA patch for Freeradius 1.1.2 (Alan DeKok)
   2. Automatic report from sources (radiusd) between 02.04.2007 -
      03.04.2007 GMT (Automatic cvs log generator)
   3. users file (ashola ashola)


Message: 1
Date: Mon, 02 Apr 2007 18:14:22 +0200
From: Alan DeKok <aland at>
Subject: Re: EAP-AKA patch for Freeradius 1.1.2
To: FreeRadius developers mailing list
	<freeradius-devel at>
Message-ID: <46112BDE.8050100 at>
Content-Type: text/plain; charset=ISO-8859-1

awaneesh kumar wrote:
> Hi All,
> I have downloaded patch from
> I have succesfully applied patch to Freeradius1.1.2. Few questions i
> a) Does patch supports optional identity privacy support, optional 
> result indications, and an optional fast re-authentication procedure.

  No idea.

> b)   After receiving EAP-Request/AKA-Challenge from server, client
> should calculate AT_MAC and compares with the received one. If it 
> matches it should send back the EAP-Response/AKA-Challenge with AT_RES 
> and new AT_MAC.
> As per section 10.8 of RFC 4187, AT_RES should be encoded as follows. 
> // 
> /        The value field of this attribute begins with the
> 2-byte                             RES Length,which identifies the exact
> length of the RES in bits.  The RES length is followed by the AKA RES 
> parameter.  According to [TS33.105 
> <>], the length of the 
> AKA RES can vary between 32 and 128 bits.  Because the length of the
> AT_RES         attribute must be a multiple of 4 bytes, the sender pads
> the RES with zero bits        where necessary/
> Trace below is packet from client to server:-
> 0x0242003017010000*03050000d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0*0b0500

> 000d6eb3a8082c9d2c0a031505b7a0fac0

  Looks to be wrong.

  As always, patches are welcome.

> c)   As per section 3 (Figure 2) from RFC 4187, if server is unable to
> authenticate client if AT_MAC or AT_RES is incorrect, it should back 
> the EAP-Request/AKA-Notification to client and client should respond 
> back with EAP-Response/AKA-Notification. Then only server should send 
> back EAP result as Failure. But Freeradius1.1.2 sends back the EAP Result
> (FAILURE) with Access-Reject.         How ever success scenarion works
> perfectly.

  As always, patches are welcome.

> d) After receiving AKA-Challenge from Radius server, does patch 
> supports the checking of Sequence No from AUTN parameter?

  No idea.  Check the source code.

> Do we have any latest patch to support EAP-AKA?


  If you have issues with it, you can always send an updated patch with bugs

  Alan DeKok.
--       - The web site of the book - The blog


Message: 2
Date: Tue,  3 Apr 2007 03:06:02 -0500 (CDT)
From: "Automatic cvs log generator" <cparker at>
Subject: Automatic report from sources (radiusd) between 02.04.2007 -
	03.04.2007 GMT
To: freeradius-devel at
Message-ID: <20070403080602.DEC43774F5 at>

CVS log entries from 02.04.2007 (Mon) 08:00:00 - 03.04.2007 (Tue) 08:00:02
GMT =====================================================
Summary by authors
Author: nbk
	File: radiusd/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c;
Revisions: 1.4
	File: radiusd/src/modules/rlm_protocol_filter/rlm_protocol_filter.c;
Revisions: 1.11
	File: radiusd/src/modules/rlm_smb/smbencrypt.c; Revisions: 1.7

Log entries
	The variable "rcsid" is defined twice.
Modified files:
	File: radiusd/src/modules/rlm_protocol_filter/rlm_protocol_filter.c;
Revision: 1.11;
	Date: 2007/04/02 14:43:36; Author: nbk; Lines:  (+2 -4)
	Don't include the same header multiple times.
Modified files:
	File: radiusd/src/modules/rlm_smb/smbencrypt.c; Revision: 1.7;
	Date: 2007/04/02 14:48:35; Author: nbk; Lines:  (+4 -8)
	Fix compilation errors.
Modified files:
	File: radiusd/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c;
Revision: 1.4;
	Date: 2007/04/02 14:51:53; Author: nbk; Lines:  (+17 -18)
Summary of modified files
File: radiusd/src/modules/rlm_protocol_filter/rlm_protocol_filter.c
Revisions: 1.11
Authors: nbk (+2 -4)
File: radiusd/src/modules/rlm_smb/smbencrypt.c
Revisions: 1.7
Authors: nbk (+4 -8)
File: radiusd/src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c
Revisions: 1.4
Authors: nbk (+17 -18)
Automatic cron job from /web/pages/


Message: 3
Date: Tue, 3 Apr 2007 01:45:24 -0700 (PDT)
From: ashola ashola <ashola2007 at>
Subject: users file
To: freeradius-devel at
Message-ID: <299677.89969.qm at>
Content-Type: text/plain; charset="iso-8859-1"


Would u tell me how to get the password of the user defined in users file 

Never miss an email again!
Yahoo! Toolbar alerts you the instant new Mail arrives. Check it out.
-------------- next part --------------
An HTML attachment was scrubbed...


List info/subscribe/unsubscribe? See

End of Freeradius-Devel Digest, Vol 24, Issue 2

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.25/744 - Release Date: 03/04/07

More information about the Freeradius-Devel mailing list