EAP-TEAP Compound MAC calculation

Suriya Shankar suriya.dshankar at gmail.com
Tue Aug 22 00:14:04 UTC 2023

Hi Alan,

Thank you. I am able to bring up the eap_teap module from 3.2.x and the
client is happy until the first inner TLS. Intermediate Result Success is
being shared with each other.

But with the vp = fr_pair_find_by_num(request->state,

is being returned null and before the second certificate exchange, server
is sending success and so client rejects the authentication saying
Unexpected TLV.
Where do we set the request->state with the Attr pair to avoid this?

For the same reason EAP_TEAP_TLV_IDENTITY is not being sent even for the
first Inner tunnel authentication. As per the documentation the TLV is the
hint for the client and I believe it may not essential for the connection
to establish.

Is 3.2.x the right version for eap_teap?


On Wed, Aug 16, 2023 at 3:27 PM Alan DeKok <aland at deployingradius.com>

> On Aug 16, 2023, at 4:01 PM, Suriya Shankar <suriya.dshankar at gmail.com>
> wrote:
> > I am trying to calculate the Compound MAC for EAP-TEAP. But the
> description
> > in the rfc 7170 is bit confusing
>   Very much so.
>   The short answer is that this list is about FreeRADIUS.  If you're
> implementing an EAP type for another piece of software, there are likely
> other places to go.
>   The FreeRADIUS source code for the compound MAC calculation is in
> src/modules/rlm_eap/types/rlm_eap_teap.
> > Could any please help me in understanding the Compound MAC calculation or
> > guide me in the right direction
>   Don't read RFC 7170.  It's confusing, and substantially wrong.
>   Read the updated document, which is soon to be published:
> https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/11/
>   It's not only clearer, but it's what Microsoft / FreeRADIUS / Cisco /
> hostap / etc. have all done.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html

More information about the Freeradius-Devel mailing list