
List:       freeradius-users
Subject:    Re: EAP-TLS/PEAP authentication problem(can not reply correct
From:       Arran Cudbard-Bell <a.cudbardb () freeradius ! org>
Date:       2011-08-31 6:21:47
Message-ID: 0089A365-6A2D-45DD-802E-7CA5B5675161 () freeradius ! org


On 31 Aug 2011, at 08:11, Arran Cudbard-Bell wrote:

> 
> On 31 Aug 2011, at 04:37, gary wrote:
> 
> > Hi All
> > I have a NAS client which supports the WISPr standard, working with freeradius
> > 2.1.10+MySQL 5.5 installed on Fedora OS. I created my test certificate and configured
> > EAP-TLS/PEAP authentication well in my setup. I am using WINDOWS XP as the client PC;
> > it can pass authentication, but freeradius can not reply with the correct attribute I
> > configured, such as bandwidth control. I noticed that in the reply attribute the vendor
> > is Microsoft, not WISPr. I wonder, if this is the WINDOWS default setting, how can I
> > modify it so that FR can reply with the correct attribute I configured?
> 
> Look in the dictionary file for your NAS vendor and figure out what the actual
> attribute name is for the reply attribute you're trying to send.
> The name of a VSA is just there to make it easier to extract and manipulate
> attributes, it has no effect on the contents of the packet. So if you insert a VSA
> and it comes up as a Microsoft Vendor and this is not what you intended, then
> there's a naming conflict and the other Vendor's VSAs will have been renamed.

Of course if you're adding attributes in the inner tunnel you'll have to make sure
tunnelled reply is set to yes in eap.conf for the relevant EAP methods.

Arran Cudbard-Bell
a.cudbardb@freeradius.org

RADIUS - Half the complexity of Diameter
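
Added example, not part of the original thread and not FreeRADIUS code: a small encoder/decoder for RADIUS Vendor-Specific attributes (type 26, RFC 2865) showing that only the numeric vendor ID and vendor type are carried in the packet, while the name is a local dictionary lookup. The vendor and attribute numbers (WISPr 14122, Microsoft 311) are assumptions taken from the standard dictionaries and should be checked against your own dictionary files; the fallback name format and the sample values are constructed.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 attribute type for VSAs

# Name table keyed by (vendor id, vendor type); names are local labels only.
# Assumed to match dictionary.wispr / dictionary.microsoft; verify locally.
DICTIONARY = {
    (14122, 7): "WISPr-Bandwidth-Max-Up",
    (14122, 8): "WISPr-Bandwidth-Max-Down",
    (311, 16): "MS-MPPE-Send-Key",
    (311, 17): "MS-MPPE-Recv-Key",
}

def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute carrying a single sub-attribute."""
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub

def decode_vsas(attrs, dictionary=DICTIONARY):
    """Return (vendor_id, vendor_type, name, value) for every VSA in attrs."""
    out, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC:
            continue  # ordinary attribute, not a VSA
        if len(body) < 6:
            raise ValueError("VSA too short")
        (vendor_id,) = struct.unpack("!I", body[:4])
        sub = body[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            v_type, v_len = sub[0], sub[1]
            # Fallback label for unknown pairs is illustrative, not FreeRADIUS output.
            name = dictionary.get((vendor_id, v_type),
                                  f"Vendor-{vendor_id}-Attr-{v_type}")
            out.append((vendor_id, v_type, name, sub[2:v_len]))
            sub = sub[v_len:]
    return out

# Constructed samples: a 1 Mbit/s downstream cap under the WISPr vendor ID, and
# the same sub-attribute bytes under vendor 311 (what the NAS sees as Microsoft).
RATE = struct.pack("!I", 1_000_000)
WISPR_REPLY = encode_vsa(14122, 8, RATE)
MS_REPLY = encode_vsa(311, 8, RATE)
```

Decoding `WISPR_REPLY` with a dictionary that renames `(14122, 8)` returns a different name but identical bytes, which is why the NAS only honours the attribute when the vendor ID on the wire is the one it expects.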





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
