Alternate server certificate

Garber, Neal Neal.Garber at energyeast.com
Fri Jul 24 23:01:14 CEST 2009


> Fri Jul 24 12:25:27 2009 : Info: [eap-comodo] EAP packet type response id 2 length 18
> Fri Jul 24 12:25:27 2009 : Info: [eap-comodo] No EAP Start, assuming it's an on-going EAP conversation
> Fri Jul 24 12:25:27 2009 : Info: +++[eap-comodo] returns fail

This issue occurs during Authorize.  I looked in the source of rlm_eap.c &
eap.c.  Since the "No EAP Start" message appears in the debug output,
I know eap_start is returning EAP_NOTFOUND (it's the next stmt after this
Message).  Given this, the only possible cause for a RLM_MODULE_FAIL after calling eap_start is a failure of pairmake for "Auth-Type" (rlm_eap.c line
492).  Next, I added an RDEBUG in rlm_eap.c to tell me why the pairmake is
Failing and I now see:

Fri Jul 24 16:10:59 2009 : Info: [eap-comodo] Failed to create attribute Auth-Type: Unknown value eap-comodo for attribute Auth-Type

Looking in lib/pairmake.c, it appears this occurs if it can't find the
value in the dictionary for the specified attribute.  

I'll keep digging, but does anyone have any idea why this instance 
wouldn't have been added to the dictionary, at initialization, when 
it was processing the eap file (I didn't see any errors in the debug
output when it was instantiating them)?  Is it because the submodules
already existed?  That is, do I need an alias for all of the eap
sub-modules too (e.g., tls, peap, etc.)?

Thanks in advance for any insight you can provide..




More information about the Freeradius-Users mailing list