Reply-message and supplicant

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Sat Jun 6 15:35:01 CEST 2009


Hi,

> No one in London wants to go to Sussex though and from my logs it does 
> not look like anyway from Sussex wants to go to London either ;)
> 
> If someone gives me something better to use in my RADIUS packets then 
> I'm game.  Meanwhile I keep meaning to glue 'exec' and 'fortune' 
> together and see if anyone notices.

I've been having a lok at such packets on the national proxy and wonder
if its because people are just blamming a reply-message in at an wrong
stage...eg during Auth? would a default entry in use users file or
SQL group reply table cause such wrongness? most likely.

crack-pipe question of the day:

could reply messages be used with some smart server-end code to provide 
a data communication channel? ie user A has code that attempts to use EAP
with special username coding...the remote server is designed
to throw responses in EAP messages...which the modified supplicant
on the client can then extract? this could tunnel traffic through
an 802.1X restricted network? in fact, is the inner EAP traffic limited
at all?  once the authentication outer layer is started i should be
able to just keep throwing data back/forward through that tube? 

hmmm....

alan



More information about the Freeradius-Users mailing list