PEAP/EAP-MSCHAPv2 module modification problem

Ivan Ostres iostres at live.com
Thu May 23 13:00:56 CEST 2013


Forgot to mention - if I put this AVP in rlm_eap.c (line 439) under:

        if ((request->reply->code == PW_AUTHENTICATION_ACK) &&
             request->username) {

This VSA is contained in outgoing access-accept. But the problem is that 
this VSA value should be set in eap-mschapv2. How to transfer value from 
EAP-MSCHAPv2 to rlm_eap?

BR,
iostres

On 5/23/13 12:45 PM, Ivan Ostres wrote:
> Hello list,
>
> I am using PEAP-EAP-MSCHAPv2 combo with freeradius. I modified 
> EAP-MSCHAPv2 rlm to use a weird password store system and 
> authentication works fine. There is one thing I am missing - I need to 
> add a specific VSA to access-accept (depending on the user) and am 
> trying to do it this way:
>
> #define VENDOR_CISCO 9
> #define CISCO_SSG_ACCOUNT_INFO 250
>
> VALUE_PAIR *myvsa;
> myvsa = radius_paircreate(request, &request->reply->vps, 
> CISCO_SSG_ACCOUNT_INFO, VENDOR_CISCO);
> if (myvsa == NULL)
>    RDEBUG("MYVSA == NULL");
> const char *mystr="AINTERNET";
> pairmemcpy(myvsa, (const uint8_t *)mystr,4);
>
> this is done under
>
> case PW_MSCHAP2_SUCCESS: (line ~180) in rlm_eap_mschapv2.c module.
>
> There is no error but I never see this output on access-accept sent to 
> BRAS. What am I doing wrong? Is there a better way to achieve this?
>
> BR,
> iostres
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/devel.html
>
>



More information about the Freeradius-Devel mailing list