EAP-TTLS/PAP tunneling issue

Alan DeKok aland at deployingradius.com
Tue Feb 12 13:47:51 CET 2008


Edwin van Zyl wrote:
> I'm looking for some help with regards to setting up EAP-TTLS. I've
> managed to make some progress, but can't get past the following problem
> which gets printed in the debug logs:
> 
> "rlm_eap_ttls:  Non-RADIUS attribute in tunneled authentication is not
> supported"
>
> The message gets generated when attribute length > 255, but none of the
> attributes I send through are that large.

  Then (a) the code in FreeRADIUS is buggy, or (b) the code in jradius
is buggy, or (c) you actually are sending attributes that are that large.

> I'm using JRadius to simulate Radius traffic over EAP-TTLS/PAP and are
> sending through the following when receiving the message.

  Is jradius sending this?  Because that message *only* gets printed out
 for data inside of the TTLS tunnel.  And the sample packet you show
does not contain enough data to form anything inside of the TTLS tunnel.

  And... most importantly... if the server was built with debugging
symbols (like it usually is), then running in debugging mode would show
you the raw data inside of the TLS tunnel, which would give you (and me)
enough information to decide definitively what's going on.

> Can anyone please assist? 

  Can you post the debug log, as suggested in the FAQ, README, INSTALL,
and daily on this list?

  Honestly... I'm still amazed at the number of people who careful post
what the client is sending... and then ask "Why does the server not do
what I expect?"  If your car is broken, it is totally pointless to go
examine the road.

  Alan DeKok.



More information about the Freeradius-Users mailing list