3.0.13: Receive - Bad packet from host 127.0.0.1: Packet contains EAP-Message and non-EAP authentication attribute
Alan DeKok
aland at deployingradius.com
Tue Mar 7 15:25:51 CET 2017
On Mar 7, 2017, at 9:16 AM, Wegener, Norbert <norbert.wegener at atos.net> wrote:
>
> With a basic installation, only "bob" in the users file activated I got
> Success up to 3.0.12, and no answer in 3.0.13.
> Is this expected behaviour?

It looks like "radtest" is wrong.

> 3.0.12 with success first:
> ./radtest -t eap-md5 bob hello 127.0.0.1:1812 0 testing123 1 127.0.0.1
> Loading input data...
> Read 1 element(s) from input: stdin
> Loaded: 1 input element(s).
> Adding new socket: src: 0.0.0.0:0, dst: 127.0.0.1:1812
> Added new socket: 5 (num sockets: 1)
> Transaction: 0, sending packet: 0 (id: 21)...
> Sent Access-Request Id 21 from 0.0.0.0:33496 to 127.0.0.1:1812 length 89
> User-Name = "bob"
> User-Password = "hello"
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0
> Message-Authenticator = 0x00
> EAP-Code = Response
> EAP-Type-Identity = 0x626f62
> Framed-Protocol = PPP
> EAP-Message = 0x0277000801626f62

Note that the packet contains both User-Password and EAP-Message, which is forbidden by the RFCs. So... that's our bad.

From the ChangeLog for 3.01.3:

	* Reject packets which contain User-Password and EAP-Message.

I've pushed a fix to the v3.0.x branch on github:

https://github.com/FreeRADIUS/freeradius-server/commit/0251c6c9d049f06c8f10974f9e67ef8142b17047

Alan DeKok.
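
The check discussed in the message above (a request carrying both User-Password and EAP-Message), as an added example that is not part of the original post and is not FreeRADIUS code. The function name, return codes and sample packets are hypothetical and constructed for illustration; the samples are a trimmed version of the radtest request, and 2 and 79 are the standard RADIUS type codes for User-Password and EAP-Message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { ATTR_USER_PASSWORD = 2, ATTR_EAP_MESSAGE = 79 };   /* standard RADIUS type codes */
enum { PKT_OK = 0, PKT_MALFORMED = -1, PKT_EAP_AND_PASSWORD = -2 };  /* hypothetical names */

/* Walk the attributes of a raw RADIUS packet (20-byte header, then
 * type/length/value triples) and flag User-Password alongside EAP-Message. */
int check_eap_conflict(const uint8_t *pkt, size_t len)
{
    if (len < 20) return PKT_MALFORMED;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];        /* header Length field */
    if (total < 20 || total > len) return PKT_MALFORMED;

    int has_eap = 0, has_password = 0;
    for (size_t off = 20; off < total; ) {
        if (total - off < 2) return PKT_MALFORMED;        /* truncated attribute header */
        size_t alen = pkt[off + 1];                       /* length includes type+length bytes */
        if (alen < 2 || alen > total - off) return PKT_MALFORMED;
        if (pkt[off] == ATTR_EAP_MESSAGE) has_eap = 1;
        if (pkt[off] == ATTR_USER_PASSWORD) has_password = 1;
        off += alen;
    }
    return (has_eap && has_password) ? PKT_EAP_AND_PASSWORD : PKT_OK;
}

/* Constructed sample mirroring the radtest request in the post
 * (authenticator and password bytes zeroed). */
static const uint8_t SAMPLE_BAD[] = {
    1, 21, 0, 53,  0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,    /* code, id, length, authenticator */
    1, 5, 'b', 'o', 'b',                                  /* User-Name = "bob" */
    2, 18,  0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,           /* User-Password */
    79, 10, 0x02, 0x77, 0x00, 0x08, 0x01, 0x62, 0x6f, 0x62 /* EAP-Message */
};
/* Constructed sample: same request without User-Password. */
static const uint8_t SAMPLE_OK[] = {
    1, 21, 0, 35,  0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    1, 5, 'b', 'o', 'b',
    79, 10, 0x02, 0x77, 0x00, 0x08, 0x01, 0x62, 0x6f, 0x62
};

int main(void)
{
    printf("with User-Password: %d\n", check_eap_conflict(SAMPLE_BAD, sizeof SAMPLE_BAD));
    printf("EAP only:           %d\n", check_eap_conflict(SAMPLE_OK, sizeof SAMPLE_OK));
    return 0;
}
```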