agdsn / hades

AG DSN Authentication and Authorization Infrastructure
MIT License

Fix EAP-MD5 support #13

Closed sebschrader closed 6 years ago

sebschrader commented 8 years ago

There is no RADIUS MAC authentication standard, so different vendors implement it slightly differently. See here for a good overview.

Hades works with PAP- and CHAP-based RADIUS MAC Authentication implementations. Juniper, for example, uses EAP-MD5. EAP-MD5 has been enabled in FreeRADIUS, but it does not cooperate well with the MAC canonicalization feature. The user name in the encapsulated EAP message (in the Identity field of the EAP message) will not be canonicalized.
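The mismatch described in the comment above, as an added example that is not part of the issue thread or of Hades's code: it parses an EAP-Response/Identity packet (RFC 3748 layout) and shows that the inner Identity only matches a canonicalized User-Name once it is canonicalized too. The function names, the `aa:bb:cc:dd:ee:ff` target form and the sample packet are assumptions made for this illustration.

```python
import re
import struct

EAP_RESPONSE = 2       # EAP Code: Response (RFC 3748)
EAP_TYPE_IDENTITY = 1  # EAP Type: Identity (RFC 3748)

def canonicalize_mac(value):
    """Return the MAC as aa:bb:cc:dd:ee:ff (assumed target form), or None
    if the value is not 12 hex digits once '-', ':' and '.' are removed."""
    digits = re.sub(r"[-:.]", "", value.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def eap_identity(eap_packet):
    """Return the Identity string of an EAP-Response/Identity packet,
    None for any other EAP packet; raise ValueError on a bad header."""
    if len(eap_packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, _identifier, length = struct.unpack("!BBH", eap_packet[:4])
    if length < 4 or length > len(eap_packet):
        raise ValueError("EAP Length field does not fit the packet")
    if code != EAP_RESPONSE or length < 5 or eap_packet[4] != EAP_TYPE_IDENTITY:
        return None
    return eap_packet[5:length].decode("utf-8", errors="replace")

def identities_agree(user_name, eap_packet):
    """True when User-Name and the EAP Identity are the same MAC address
    after both have been canonicalized."""
    inner = eap_identity(eap_packet)
    if inner is None:
        return False
    outer_mac, inner_mac = canonicalize_mac(user_name), canonicalize_mac(inner)
    return outer_mac is not None and outer_mac == inner_mac

def build_identity_response(identifier, identity):
    """Build a sample EAP-Response/Identity packet (constructed test data)."""
    body = identity.encode("utf-8")
    header = struct.pack("!BBHB", EAP_RESPONSE, identifier, 5 + len(body),
                         EAP_TYPE_IDENTITY)
    return header + body

if __name__ == "__main__":
    # Constructed sample: the supplicant identity is a bare-hex MAC, while
    # User-Name has already been rewritten to the canonical form.
    packet = build_identity_response(7, "001122AABBCC")
    user_name = canonicalize_mac("00-11-22-AA-BB-CC")
    print("raw comparison matches:", eap_identity(packet) == user_name)
    print("canonicalized comparison matches:", identities_agree(user_name, packet))
```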

sebschrader commented 6 years ago

The unit test still fails, but it works in practice.

See #80