TCPDump, able to see tunneled credentials?
Connor Herring
connorrjherring at gmail.com
Fri Sep 13 10:34:08 UTC 2024
Hi Again,
I think I have found why it is sending the username in the Access Accept
(update outer.session-state is uncommented) so that's ok but is there a way
for me to be sure it's being tunneled? The debug logs state "eap_ttls: Got
tunneled Access-Accept" and the logs state the final auth accept came "Via
TLS Tunnel" so this would lead me to believe it's fine but is that enough
to go on? Just trying to cover everything.
Kind regards,
Connor
On Fri, Sep 13, 2024 at 9:14 AM Connor Herring <connorrjherring at gmail.com>
wrote:
> Hi All,
>
> I'm a bit confused here. I've got EAP-TTLS/PAP set up. To ensure that
> everything was setup correctly, I have run a PCAP from the supplicant to
> see if I could see any auth details being sent (I couldn't), I have also
> run a PCAP from an AP in sniffer mode (also couldn't see anything, only
> probes and broadcasts), however, I ran a TCPDump on the RADIUS server
> itself and while I couldn't see the password that was being sent, I could
> see the tunnelled username and VLAN attributes in the Access-Accept.
>
> My question is, is this expected? Want to ensure this isn't just a
> misconfiguration.
>
> Kind regards,
>
> Connor
>
More information about the Freeradius-Users
mailing list