RFC compliance for Access Challenge
sanal kumar kariazhath
sanal.kumar77 at gmail.com
Mon Dec 12 13:46:11 CET 2011
Hi,
As per RFC, it looks like the Access Challenge must not contain any
attributes other than Reply-Message, State, Vendor-Specific,
Session-Timeout and Idle-Timeout.
But if I put the configuration options as below for the EAP user 'USER5',
then the access challenge from FreeRADIUS server contains those
attributes.
USER5   Cleartext-Password := "xyz"
        Service-Type = Framed-User,
        Framed-IP-Address = 255.255.255.255,
        Framed-MTU = 576,
        Tunnel-Medium-Type = "6",
        Tunnel-Type = "VLAN",
        Tunnel-Private-Group-Id = 400,
Please find the debug logs below:
Version: radiusd: FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu,
built on Jun 8 2011 at 15:45:1
Debug logs (Have changed the IP address)
--------------------------------------------------------------
Ready to process requests.
rad_recv: Access-Request packet from host AA.BB.CC.DD port 1812, id=38,
length=94
NAS-IP-Address = DD.EE.AA.DD
NAS-Port-Type = Ethernet
NAS-Port = 43
Calling-Station-Id = "00-00-01-00-04-00"
User-Name = "USER5"
EAP-Message = 0x0239000a015553455235
Message-Authenticator = 0x8db99a77b408552561675e84e7840868
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "USER5", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 57 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry USER5 at line 215
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 38 to DD.EE.AA.DD port 65163
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Framed-MTU = 576
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "400"
EAP-Message = 0x013a00160410f646c8b9a0a056801f6d89a3d919ccc5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xda41235ada7b273294cf6090be1d930c
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
--------------------------------------------------------------
Would like to know why FreeRADIUS is putting the user configuration data
in Access Challenge?
Appreciate the early response on the same,
Thanks,
-Sanal
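
An added example, not part of the original post and not FreeRADIUS code: a Python check that reads debug output in the format shown above and lists the attributes in each Access-Challenge that fall outside the permitted set. The allow-list assumes RFC 2865 section 4.4 plus the EAP-Message and Message-Authenticator attributes from RFC 3579; the function names and the `extra_allowed` parameter are hypothetical.

```python
import re

# Allowed in an Access-Challenge: RFC 2865 section 4.4, plus EAP-Message and
# Message-Authenticator, which RFC 3579 adds for EAP.
ALLOWED_IN_CHALLENGE = {
    "Reply-Message", "State", "Vendor-Specific", "Session-Timeout",
    "Idle-Timeout", "Proxy-State", "EAP-Message", "Message-Authenticator",
}
SEND_RE = re.compile(r"^Sending (\S+) of id (\d+) to ")
# Attribute line; a ":<tag>" suffix such as Tunnel-Type:0 is dropped.
ATTR_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)(?::\d+)?\s*=\s*\S")

def sent_packets(debug_text):
    """Return [(packet_type, packet_id, [attribute names])] for sent packets."""
    packets, current = [], None
    for line in debug_text.splitlines():
        sent, attr = SEND_RE.match(line), ATTR_RE.match(line)
        if sent:
            current = (sent.group(1), int(sent.group(2)), [])
            packets.append(current)
        elif current and attr:
            current[2].append(attr.group(1))
        else:
            current = None  # first non-attribute line ends the packet dump
    return packets

def challenge_violations(debug_text, extra_allowed=()):
    """Map packet id -> attributes not permitted in that Access-Challenge.
    VSAs are logged under their dictionary names: pass them in extra_allowed."""
    allowed = ALLOWED_IN_CHALLENGE | set(extra_allowed)
    out = {}
    for ptype, pid, names in sent_packets(debug_text):
        bad = [n for n in names if n not in allowed]
        if ptype == "Access-Challenge" and bad:
            out[pid] = bad
    return out

# Input copied from the debug log in the post.
SAMPLE = """\
Sending Access-Challenge of id 38 to DD.EE.AA.DD port 65163
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Framed-MTU = 576
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "400"
EAP-Message = 0x013a00160410f646c8b9a0a056801f6d89a3d919ccc5
State = 0xda41235ada7b273294cf6090be1d930c
Finished request 4.
"""
```

Calling `challenge_violations(SAMPLE)` reports the six reply items from the users entry for packet id 38 and leaves EAP-Message and State alone.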