Logging ntlm authentication
Neal.Garber at iberdrolausa.com
Thu Sep 9 05:56:48 CEST 2010
Thread continued from freeradius-users list.
As I mentioned previously, I have the PEAP changes completed to save/retrieve reply attributes on authentication failure.
I've examined the TTLS code and I have a question. The code to retrieve the saved reply attributes is done in a different place in the authenticate function as compared to the PEAP code. I'm wondering if this was intentional? If not, do you see a problem moving this code from the switch on status == EAPTLS_SUCCESS to the switch on rcode == PW_AUTHENTICATION_ACK (which was changed from RLM_MODULE_OK in ttls.c:eapttls_process)? I would then add similar code to the rcode == PW_AUTHENTICATION_REJECT to retrieve the saved reply attributes. Alternatively, I could add EAPTLS_FAIL to the switch on status and retrieve the attributes in that block (and then return 0 as it does in the default block).
I'm looking for some advice because I have no way of testing/debugging the TTLS code and I'm concerned about breaking it. I'm also concerned because the code in the switch on status "returns" on EAPTLS_SUCCESS in rlm_eap_ttls whereas it falls through in rlm_eap_peap to the switch on rcode (TTLS only falls through when status == EAPTLS_OK).