Modifying EAP Messages
Jouni Malinen
jkmalinen at gmail.com
Tue Mar 17 17:26:57 CET 2009
On Mon, Mar 16, 2009 at 11:56 PM, Arran Cudbard-Bell
<a.cudbard-bell at sussex.ac.uk> wrote:
> A magical check box appeared in the XP SP3 and Vista supplicant
> 'Enable Quarantine Checks'. It'd be a huge win if FR could expose
> these values so that they were usable for policy decisions.
This requires bit more than just minor changes in parsing additional
data and making it available. The PEAP server will need to ask the
PEAP peer to start SoH to get the extra data. This needs at least
minimal functionality to support sequence of EAP methods inside the
PEAP tunnel, but with that done, you should be able to process the SoH
TLVs in FreeRADIUS.
There is specification available for all the needed functionality and
you should be able to find example code on how to do this in hostapd
(it has experimental support for SoH and it dumps the TLVs received
from the client in debug info if you want to run a quick test to see
what data is available).
- Jouni
More information about the Freeradius-Users
mailing list