Wrong sequence of packets during re-authentication

Bilal Shahid bilal_shahid5 at hotmail.com
Mon Sep 26 07:25:30 CEST 2005


Hello again,

Can someone please help me with this? I am clueless as to how to solve this problem.

Thanks,
Bilal

-----Original Message-----
From: freeradius-users-bounces at lists.freeradius.org 
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Bilal 
Shahid
Sent: Friday, September 23, 2005 4:00 PM
To: freeradius-users at lists.freeradius.org
Subject: Wrong sequence of packets during re-authentication

Hello all,

During my 802.1X Supplicant's re-authentication (using EAP-TTLS) with
FreeRADIUS using DLINK switch, I face the following scenario:

Sometimes "during re-authentication", one of the FreeRADIUS's replies does
not reach the DLINK switch. When DLINK's RADIUS timer expires, it re-starts
the re-authentication by sending the Supplicant's identity to FreeRADIUS. At
this time, an initial couple of packets are exchanged correctly, however
then it seems that FreeRADIUS wants to skip some of the packets and complete
the authentication whereas my Supplicant wants to re-do everything.

For example, during a "correct re-authentication", FreeRADIUS sends the
following packet:

TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 05ca], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A


However, during the "incorrect" re-authentication cycle, which has been
started due to a packet loss in the middle as explained above, FreeRADIUS
sends the following packet:

TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read finished A


Note that this time FreeRADIUS has sent ChangeCipherSpec and Finished
instead of Certificate and ServerHelloDone. Is this the normal and correct
behavior?

My Supplicant's response to this packet is then liked by the FreeRADIUS and
it sends an alert.

Could someone please help me understand this problem?

Thanks,
Bilal
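
In TLS 1.0, a ServerHello followed directly by ChangeCipherSpec and Finished is the abbreviated handshake a server sends when it resumes a cached session, while Certificate and ServerHelloDone belong to the full handshake. The following is an added example, not part of the original post and not FreeRADIUS code: it classifies the two quoted debug excerpts, with hypothetical function names and sample input constructed from the rlm_eap_tls lines above.

```python
import re

# Matches rlm_eap_tls record lines such as
#   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
RECORD = re.compile(
    r"rlm_eap_tls:\s+(<<<|>>>)\s+TLS 1\.0\s+(\w+)\s+\[length [0-9a-fA-F]+\](?:,\s*(\w+))?"
)

def server_flight(log_text):
    """Return the records the server sent (>>>) after the last ClientHello."""
    sent, seen_hello = [], False
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue  # TLS_accept state lines and unrelated output are skipped
        direction, content_type, msg = m.groups()
        name = msg or content_type  # ChangeCipherSpec carries no message name
        if direction == "<<<" and name == "ClientHello":
            seen_hello, sent = True, []  # a new handshake attempt starts here
        elif direction == ">>>" and seen_hello:
            sent.append(name)
    return sent

def classify(log_text):
    """Label the server's first flight as 'full', 'abbreviated' or 'unknown'."""
    flight = server_flight(log_text)
    if flight[:1] != ["ServerHello"]:
        return "unknown"
    if flight[1:3] == ["ChangeCipherSpec", "Finished"]:
        return "abbreviated"  # server resumed a cached TLS session
    if "Certificate" in flight and flight[-1] == "ServerHelloDone":
        return "full"
    return "unknown"

# Constructed sample input: the rlm_eap_tls lines from the two excerpts above.
FULL = """\
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 05ca], Certificate
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
"""
RESUMED = """\
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
"""

if __name__ == "__main__":
    for label, text in (("correct", FULL), ("after packet loss", RESUMED)):
        print(label, "->", classify(text), server_flight(text))
```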
