Request Authenticator value made available to a Perl module

Brandon Miller webasdf at gmail.com
Tue Nov 21 18:45:28 UTC 2023


Hi Alan,

Thank you again for all your hard work on the FreeRADIUS project, the
related RFCs, and taking the time to help on the mailing list.  It is
much appreciated.

I see you updated the VSA in the source on GitHub already.  I
personally agree with you that the attributes should have the Aruba
prefix.  I'm not sure what it would take to make that happen?  I
honestly don't recall where exactly I found that dictionary file.
Looking at the GitHub code, I do see the ALIAS directive at the
bottom.  Does this alias directive force the prefix "Aruba"?  I was
having issues with the older version of FreeRADIUS not accepting the
VSA because of conflicting attributes, and the older version didn't
accept the ALIAS directive in the dictionary files.  This is likely
why I manually changed several of the attributes...just to get it
"working".

I chose octets for the Aruba-MPSK-Lookup-Info datatype with a length
of 178 for 2 reasons.  1) The Aruba-MPSK-Lookup-Info attribute is
encoded WPA2 EAPOL request data as part of the WPA2 handshake. The
returned data is a binary structure that makes more sense when reading
as a string of hex values.  2) When doing a packet capture, Wireshark
indicated a length of 178 bytes for that attribute.

I hope this helps.

Thanks,
Brandon

On Sat, Nov 18, 2023 at 8:01 AM Alan DeKok <aland at deployingradius.com> wrote:
>
> On Nov 17, 2023, at 6:26 PM, Brandon Miller <webasdf at gmail.com> wrote:
> >
> > Attached is my working dictionary file.
>
>   With all of the "Aruba-" prefixes removed.  :(  That's not good.
>
>   The dictionaries don't have "namespaces".  So if two vendors define an attribute "Foo", then the only way to tell the attributes apart is by name.  One attribute is "Vendor1-Foo", and the other attribute is "Vendor2-Foo".  But that's minor.
>
>   For the Aruba-MPSK-Lookup-Info attribute, why is it marked "octets" instead of "string"?  When the attribute is decoded, are the contents ASCII text, or some kind of hex structure?
>
>   Do you have a reference for the definition of the attribute?
>
> > My Patch:
>
>   I'll push a slightly different patch.  There's no real reason to limit password attributes to be 128 characters.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
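
The naming rule discussed in this thread (dictionaries have no namespaces, so the vendor prefix is the only thing that tells two attributes apart) can be checked mechanically before a dictionary is loaded. The following is an added example, not part of the original messages or of FreeRADIUS itself: a small linter over dictionary text. The sample dictionary, its vendor names and numbers, and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in FreeRADIUS dictionary syntax. Vendor names and all
# numbers are placeholders, not values taken from any real dictionary.
SAMPLE = """\
VENDOR          Vendor1         99991
BEGIN-VENDOR    Vendor1
ATTRIBUTE       Foo                     1       string
ATTRIBUTE       Vendor1-Bar             2       integer
END-VENDOR      Vendor1

VENDOR          Vendor2         99992
BEGIN-VENDOR    Vendor2
ATTRIBUTE       Foo                     1       string   # same bare name
ATTRIBUTE       Vendor2-Baz             2       octets
END-VENDOR      Vendor2
"""

def parse_attributes(text):
    """Yield (vendor, name, line_no) for each ATTRIBUTE inside a vendor block."""
    vendor = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if not fields:
            continue
        keyword = fields[0].upper()
        if keyword == "BEGIN-VENDOR" and len(fields) >= 2:
            vendor = fields[1]
        elif keyword == "END-VENDOR":
            vendor = None
        elif keyword == "ATTRIBUTE" and len(fields) >= 4 and vendor:
            yield vendor, fields[1], line_no

def lint(text):
    """Return (missing_prefix, collisions) for one dictionary text."""
    by_name = defaultdict(set)
    missing_prefix = []
    for vendor, name, line_no in parse_attributes(text):
        # Names are compared case-insensitively here to keep the check strict
        # (a choice made for this example).
        by_name[name.lower()].add(vendor)
        if not name.lower().startswith(vendor.lower() + "-"):
            missing_prefix.append((line_no, vendor, name))
    collisions = {n: sorted(v) for n, v in by_name.items() if len(v) > 1}
    return missing_prefix, collisions

if __name__ == "__main__":
    missing, clashes = lint(SAMPLE)
    for line_no, vendor, name in missing:
        print(f"line {line_no}: {name} lacks the {vendor}- prefix")
    for name, vendors in clashes.items():
        print(f"{name} is defined by more than one vendor: {', '.join(vendors)}")
```

Run against a dictionary with the vendor prefixes stripped, every attribute in the vendor block is reported as lacking its prefix, and any bare name shared with another vendor shows up as a collision.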

