FreeRADIUS / freeradius-server

FreeRADIUS - A multi-protocol policy server.
http://freeradius.org
GNU General Public License v2.0

Submitted user identity is used as server name in Authenticator Response in inner MS-CHAPv2 in PEAP #932

Closed sbren closed 9 years ago

sbren commented 9 years ago

FreeRADIUS 2.2.6 submits the previously submitted user identity in the Authenticator Response message in EAP-MSCHAPv2 when using PEAP. Correct behavior is to submit the host name. The submitted server name can be seen in wpa_supplicant logs.

Server name value should be in this case: RADIUSTE-C57770
Submitted server name: testidg1@radtestrealm.edu

Wpa_supplicant log output:

Successfully initialized wpa_supplicant
wlan0: SME: Trying to authenticate with a0:f3:c1:28:1d:1f (SSID='testnet' freq=2412 MHz)
wlan0: Trying to associate with a0:f3:c1:28:1d:1f (SSID='testnet' freq=2412 MHz)
wlan0: Associated with a0:f3:c1:28:1d:1f
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 -> NAK
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=DE/L=Bochum/O=radtest/CN=RADIUSTest Root CA/emailAddress=none@none.com'
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=DE/L=Bochum/O=radtest/CN=RADIUSTE-C57770.radtestrealm.edu/emailAddress=none@none.com'
EAP-MSCHAPV2: RX identifier 133 mschapv2_id 133
EAP-MSCHAPV2: Received challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=25):
     74 65 73 74 69 64 67 31 40 72 61 64 74 65 73 74   testidg1@radtest
     72 65 61 6c 6d 2e 65 64 75                        realm.edu       
EAP-MSCHAPV2: Generating Challenge Response
EAP-MSCHAPV2: TX identifier 133 mschapv2_id 133 (response)
EAP-MSCHAPV2: RX identifier 134 mschapv2_id 133
EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
wlan0: WPA: Key negotiation completed with a0:f3:c1:28:1d:1f [PTK=CCMP GTK=TKIP]
wlan0: CTRL-EVENT-CONNECTED - Connection to a0:f3:c1:28:1d:1f completed [id=0 id_str=]
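
The value wpa_supplicant logs as "Authentication Servername" is the Name field that trails the 16-byte challenge in the EAP-Request/MS-CHAPv2 Challenge packet sent inside the PEAP tunnel. The following is an added example, not code from FreeRADIUS or wpa_supplicant: it builds such a Challenge packet from constructed input (the 16-byte challenge value, the expected host name and the inner identity are assumptions chosen to mirror the log above), parses it back with the length checks a receiver should perform, and classifies the Name field so the condition reported in this issue (the inner identity echoed back as the server name) can be detected from a capture.

```python
"""Build, parse and check an EAP-Request/MS-CHAPv2 Challenge packet.

Added example (not FreeRADIUS or wpa_supplicant code). Layout assumed:
EAP header  : Code(1)=1 Request, Identifier(1), Length(2), Type(1)=26 (MS-CHAPv2)
MS-CHAPv2   : OpCode(1)=1 Challenge, MS-CHAPv2-ID(1), MS-Length(2),
              Value-Size(1)=16, Challenge(16), Name(variable)
The Name field is what wpa_supplicant prints as "Authentication Servername".
"""
import struct

EAP_CODE_REQUEST = 1
EAP_TYPE_MSCHAPV2 = 26
MSCHAPV2_OP_CHALLENGE = 1
CHALLENGE_LEN = 16
HDR_FMT = "!BBHB"  # four one-byte fields around one two-byte length field
HDR_LEN = struct.calcsize(HDR_FMT)  # 5 bytes, same shape for both headers

# Constructed values mirroring the report; the challenge bytes are arbitrary.
EXPECTED_HOSTNAME = "RADIUSTE-C57770"
INNER_IDENTITY = "testidg1@radtestrealm.edu"
SAMPLE_CHALLENGE = bytes(range(CHALLENGE_LEN))


def build_challenge(identifier, ms_id, challenge, name):
    """Return the bytes of an EAP-Request/MS-CHAPv2 Challenge carrying `name`."""
    if len(challenge) != CHALLENGE_LEN:
        raise ValueError("MS-CHAPv2 challenge must be 16 bytes")
    name_bytes = name.encode("ascii")
    # MS-Length covers OpCode, MS-CHAPv2-ID, MS-Length, Value-Size, Challenge and Name.
    ms_length = HDR_LEN + CHALLENGE_LEN + len(name_bytes)
    body = struct.pack(HDR_FMT, MSCHAPV2_OP_CHALLENGE, ms_id, ms_length, CHALLENGE_LEN)
    body += challenge + name_bytes
    # EAP Length covers the whole packet: EAP header, Type byte and MS-CHAPv2 body.
    eap_length = HDR_LEN + len(body)
    return struct.pack(HDR_FMT, EAP_CODE_REQUEST, identifier, eap_length, EAP_TYPE_MSCHAPV2) + body


def parse_challenge(pkt):
    """Parse a Challenge packet; raise ValueError on any length or type mismatch."""
    if len(pkt) < HDR_LEN:
        raise ValueError("short EAP header")
    code, identifier, eap_length, eap_type = struct.unpack(HDR_FMT, pkt[:HDR_LEN])
    if code != EAP_CODE_REQUEST or eap_type != EAP_TYPE_MSCHAPV2:
        raise ValueError("not an EAP-Request/MS-CHAPv2 packet")
    if eap_length != len(pkt):
        raise ValueError("EAP Length does not match packet size")
    body = pkt[HDR_LEN:]
    if len(body) < HDR_LEN + CHALLENGE_LEN:
        raise ValueError("short MS-CHAPv2 Challenge body")
    opcode, ms_id, ms_length, value_size = struct.unpack(HDR_FMT, body[:HDR_LEN])
    if opcode != MSCHAPV2_OP_CHALLENGE:
        raise ValueError("OpCode is not Challenge")
    if ms_length != len(body):
        raise ValueError("MS-Length does not match body size")
    if value_size != CHALLENGE_LEN:
        raise ValueError("Value-Size must be 16 for MS-CHAPv2")
    challenge = body[HDR_LEN:HDR_LEN + CHALLENGE_LEN]
    name = body[HDR_LEN + CHALLENGE_LEN:].decode("ascii", "replace")
    return {"identifier": identifier, "ms_id": ms_id, "challenge": challenge, "name": name}


def check_server_name(name, expected_hostname, inner_identity):
    """Classify the Name field seen on the wire.

    'ok'              : the server sent its own host name
    'identity_echoed' : the server echoed the client's inner identity (this issue)
    'unexpected'      : anything else, worth a closer look in the capture
    """
    if name == expected_hostname:
        return "ok"
    if name == inner_identity:
        return "identity_echoed"
    return "unexpected"


def classify_sample(name):
    """Round-trip a constructed packet with identifier/MS-CHAPv2-ID 133 as in the log."""
    pkt = build_challenge(133, 133, SAMPLE_CHALLENGE, name)
    parsed = parse_challenge(pkt)
    return check_server_name(parsed["name"], EXPECTED_HOSTNAME, INNER_IDENTITY)


if __name__ == "__main__":
    for candidate in (INNER_IDENTITY, EXPECTED_HOSTNAME):
        print(f"{candidate!r:30} -> {classify_sample(candidate)}")
```

Feeding the decrypted inner EAP payload from a PEAP capture to `parse_challenge` gives the same string wpa_supplicant hexdumps, and `check_server_name` turns the manual comparison in the report into a repeatable check. The classification is only informational, in line with the maintainer's point that the Name field is not used for anything security-relevant on the client side.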
alandekok commented 9 years ago

We won't fix this for version 2. That field is informative, and isn't really used for anything.

I've pushed a fix for v3.