Freeraius vs NPS

Alan DeKok aland at deployingradius.com
Fri May 5 17:53:30 CEST 2017


> On May 5, 2017, at 11:46 AM, Martin, Jeremy <jmartin at emcc.edu> wrote:
> 
> I am attaching them to this email.

  Wow... the phone is just broken.  It's sending an EAP-Identity of:

0xa009ed031e00

  i.e. the MAC address of the phone... in binary form, NOT text, and finishing off with a trailing zero byte.

  What phone is this?  That behavior is completely broken, and violates RFC 3748:

https://tools.ietf.org/html/rfc3748#section-5.1

     This field MAY contain a displayable message in the Request,
      containing UTF-8 encoded ISO 10646 characters [RFC2279].  Where
      the Request contains a null, only the portion of the field prior
      to the null is displayed.  If the Identity is unknown, the
      Identity Response field should be zero bytes in length.  The
      Identity Response field MUST NOT be null terminated. 

  In any case, the suggestion I made in my last message should work.  Though it will be made more complicated by the phone sending binary crap as the EAP-Identitiy, instead of a UTF-8 text string.

 Alan DeKok.




More information about the Freeradius-Users mailing list