EAP Notification

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Thu Jan 3 14:30:55 CET 2008 

Josh Howlett wrote:
> That's certainly a feature of some Cisco WAPs.
>
> If anyone knows of a supplicant that does anything *useful* with
> EAP-Notification (like, you know, notify the user) then that would be
> interesting to hear :-)
>   
wpa_supplicant supports it; changelog says it was added back in May 2005

	* display EAP Notification messages to user through control interface
	  with "CTRL-EVENT-EAP-NOTIFICATION" prefix

Whether  the GUIs that sit on top of it take notice is another matter.

windows XP supplicant displays the Reply-Message attribute in one of 
those annoying yellow popup bubbles, but only for straight CHAP ?!

Mac OSX logs the notifications in the system log... Though given that 
90% of mac users probably don't know what a terminal window is... not 
that much use !

It'd be interesting to see if there was any way to get hooks into the 
eapol client, then you could transfer the EAP notifications over into 
the growl Notification framework. Give you a neat mechanism to berate 
your Mac users for AUP transgressions :)

---
Alan,
Any chance the rlm_eap failure codes/verbose error messages could be 
made available as attributes in the request list ?

---
Thanks,
Arran
> josh.
>
>   
>> -----Original Message-----
>> From: 
>> freeradius-users-bounces+josh.howlett=ja.net at lists.freeradius.
>> org 
>> [mailto:freeradius-users-bounces+josh.howlett=ja.net at lists.fre
>>     
> eradius.org] On Behalf Of Arran Cudbard-Bell
>   
>> Sent: 03 January 2008 12:50
>> To: FreeRadius users mailing list
>> Subject: EAP Notification
>>
>> Hi,
>> Running a packet capture of an EAP TTLS session against FR 
>> cvs head, noticed EAP Notifcation packets are being sent.
>> The type-data appears to match that of the Reply-Message. Is 
>> this a feature of rlm_eap that I missed before, or is the NAS 
>> being clever about it's interpretation of the Access-Accept  
>> packet, and encapsulating the Reply-Message attribute in an 
>> EAP-Request Notification packet ?
>>
>> Either way it's pretty cool, and the message gets logged in 
>> /var/log/system.log (On Mac OS X) which has the potential to 
>> be useful for debugging...
>>
>> Thanks,
>> Arran
>>
>> --
>> Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk) 
>> Authentication, Authorisation and Accounting Officer 
>> Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton
>> EXT:01273 873900 | INT: 3900
>>
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>>
>>     
>
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024 
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   


-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900

More information about the Freeradius-Users mailing list