EAP-TEAP Compound MAC calculation
Alan DeKok
aland at deployingradius.com
Tue Aug 22 00:34:02 UTC 2023
On Aug 21, 2023, at 8:14 PM, Suriya Shankar <suriya.dshankar at gmail.com> wrote:
> Thank you. I am able to bring up the eap_teap module from 3.2.x and the
> client is happy until the first inner TLS. Intermediate Result Success is
> being shared with each other.
That's good.
> But with the vp = fr_pair_find_by_num(request->state,
>> PW_EAP_TEAP_TLV_IDENTITY, VENDORPEC_FREERADIUS, TAG_ANY);
>
> is being returned null and before the second certificate exchange, server
> is sending success and so client rejects the authentication saying
> Unexpected TLV.
You have to configure the Identity-Type correctly. It's all a bit magical.
> Where do we set the request->state with the Attr pair to avoid this?
We're working on documentation for TEAP. For now, it's still largely experimental.
> For the same reason EAP_TEAP_TLV_IDENTITY is not being sent even for the
> first Inner tunnel authentication. As per the documentation the TLV is the
> hint for the client and I believe it may not essential for the connection
> to establish.
>
> Is 3.2.x the right version for eap_teap?
All of the code is public. If I say TEAP is in v3.2.x, then I'm not trying to mislead you. There is no secret repository of TEAP that you only get access to by asking nicely.
Since all of the code is public, you can also walk through the way rlm_eap_teap works, to see what it's doing. Then, configure the server the way the module expects.
Alan DeKok.
More information about the Freeradius-Devel
mailing list