Relaying EAP packets with freeradius-client
Simo Tappola
simo.tappola at gmail.com
Mon Sep 11 16:56:39 UTC 2023
Hullo,
a FreeRADIUS newbie here, with a (hopefully) basic question: I am
struggling to figure out how to use freeradius-client as NAS/authenticator
when authenticating a supplicant to freeradius-server. I already
implemented a version that calculated and verified the EAP MD5 hashes
locally (without FR client), but I would now like to move authentication
responsibilities to the server.
I am currently trying to forward EAP identity response from the supplicant,
but cannot get the server to accept my Message-Authenticator. I think I
have established that I need to add at least PW_EAP_MESSAGE (with the EAP
bytes attached) and PW_MESSAGE_AUTHENTICATOR attributes when using the FR
client, but how am I able to calculate the correct HMAC MD5 without the
packet identifier that (I think) is generated in the FR client? The secret
is configured correctly on both sides, of that I am 99,99% sure. :)
Best regards,
Simo
More information about the Freeradius-Users
mailing list