Current status of freeradius v4

[Jan-Frederik Rieckers]

I'll set up a set of docker containers to test some different use cases
I can imagine when dealing with RADIUS proxying in eduroam.

Probably this will take the next week, when I'm ready I'll post a link
where you can try out all these things.

With the current master I still have the problem that, if I omit the
"if (updated)"-Section freeradius sends out Access-Reject when getting
an Access-Challenge. When I put the "if(updated)" section there, it
sends out the Access-Challenge, but with incorrect Message Authenticator
and I haven't foud a way to tell my check script to ignore the Message
Authenticator, so I haven't tested it further yet.

I currently can't post the radius debug output, I'll probably do that in
a few days, when I had the time to create a setup without any production
secrets inside the configuration.

Greetings
Jan-Frederik Rieckers

On 26.07.19 00:20, Alan DeKok wrote:
> On Jul 24, 2019, at 2:11 PM, Jan-Frederik Rieckers <rieckers+freeradius-devel at uni-bremen.de> wrote:
>> I've tried these "fixes":
>>
>> * Leave everything as it is
>> * Remove the update{} section
>> * Add the "ok" after the update{}
>>
>> All of these fixes don't work.
> 
>   Which means... what?
> 
>> When I run eapol_test, it tells me for the reply
>> Invalid Message-Authenticator!
>> Incoming RADIUS packet did not have correct Message-Authenticator - dropped
>>
>> So it seems to be a problem with message authenticator also?
> 
>   Yes, it's not creating a Message-Authenticator attribute for proxied replies that have EAP-Message. 
> 
>   I've pushed a fix.
> 
>   Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20190726/ef0886b4/attachment.sig>