PEAP-MSCHAP question.

Makarand Pradhan makarandpradhan at ruggedcom.com
Mon May 2 23:42:36 CEST 2011


Hi All,

Hope all of you are having a nice day. This is my first post on this list, so 
kindly overlook any novice mistakes.

I am facing a problem while working with FreeRADIUS. The description of the 
problem and a probable solution are given below:

Problem Scenario:
I work on a router. I am working on PEAP with default_eap_type=mschapv2. On 
the router, I am a tunnel exchanging packets with the port on one side and the 
radius server on the other. rad_decode is used to get the EAP attributes 
coming from the server, so that they can be sent to the port which is being 
authenticated.
While invoking rad_decode, the secret is set to NULL. This causes a trap while 
trying to decode Microsoft specific attributes as dictionary.microsoft says 
the key should be encrypted.

ATTRIBUTE       MS-MPPE-Send-Key                        16      octets  encrypt=2
ATTRIBUTE       MS-MPPE-Recv-Key                        17      octets  encrypt=2

Resolution:
To resolve this issue, I had to add a NULL ptr check in radius.c, function 
data2vp.

diff -Naur radius.c.orig  radius.c
--- radius.c.orig       2011-05-02 17:19:33.988204676 -0400
+++ radius.c    2011-05-02 17:21:29.528702423 -0400
@@ -2242,7 +2242,7 @@
        /*
         *      Decrypt the attribute.
         */
-       switch (vp->flags.encrypt) {
+       switch (vp->flags.encrypt && (NULL != secret)) {
                /*
                 *  User-Password
                 */
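
Review bot: on the changed switch line, `vp->flags.encrypt && (NULL != secret)` evaluates to 0 or 1 rather than to the encrypt type, so with a non-NULL secret an encrypt=2 attribute (the MS-MPPE-Send-Key and MS-MPPE-Recv-Key entries quoted from dictionary.microsoft) is dispatched to whichever case handles the value 1 and never reaches its own case. Keep `switch (vp->flags.encrypt)` unchanged and put the NULL test on `secret` in a separate guard around the switch, or inside each case that dereferences it. A short comment should also state what the caller gets for an encrypted attribute when no secret is supplied, since the value would then be left undecrypted.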

I would highly appreciate your opinions regarding the issue. If this 
resolution is not acceptable, then kindly let me know alternatives that would 
be acceptable.

Warm Rgds,
Makarand.
