playing with eap2 - access-challenge instead of access-accept
Ming-Ching Tiew
mctiew at yahoo.com
Sat Sep 10 04:08:13 CEST 2011
I am playing with eap2 module using libeap.so from the hostapd 0.7.3 stable ( plus Makefile modifications ). I have got it to a stage where it can be instantiated - despite a few other off topic issues. But when I put that 'eap2' in place of 'eap' in the authentication section, nothing happens, eap2 module is not invoked. So I changed it to :-
Auth-Type eap {
eap2
}
The module is then invoked. But I am still not coming close to being able get it to authenticate, because when I tested the simplest case of eap md5, this is what I got from radius debug :-
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group eap {...}
CTRL-EVENT-EAP-STARTED 00:00:00:00:00:00
CTRL-EVENT-EAP-PROPOSED-METHOD method=1
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
==> Request
++[eap2] returns handled
Sending Access-Challenge of id 250 to 127.0.0.1 port 52414
EAP-Message = 0x01d300061920
State = 0xe3c425eb267c641f82d999e1c9808ce1
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0.
Verses this is what I get if I use 'eap' module :-
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 160 to 127.0.0.1 port 50702
EAP-Message = 0x03d30004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "eapmd5"
Finished request 1.
Seems eap2 is always returning access-challenge while eap is able to complete with access-accept. Is it that the rlm_eap2.c source needs further modifications ?
Best regards.
More information about the Freeradius-Devel
mailing list