0001536: EAP-TTLS is not seen as Wireless-802.11-EAP - PacketFence - BTS

Bug Tracking System

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

ID

Project

Category

View Status

Date Submitted

Last Update

0001536

PacketFence

802.1x

public

2012-08-31 13:09

2015-02-13 15:42

Reporter

fgaudreault

Assigned To

Priority

normal

Severity

minor

Reproducibility

always

Status

closed

Resolution

open

Platform

OS

OS Version

Product Version

3.5.0

Target Version

Fixed in Version

Summary

0001536: EAP-TTLS is not seen as Wireless-802.11-EAP

Description

Here is the thing, when you do EAP-TTLS authentication, there is no EAP-Type set in the inner tunnel since the authentication is plaintext.

So instead of seeing the node as Wireless-802.11-EAP, we see it as Wireless-802.11-NoEAP, which is not true. This is problematic since we permit anonymous outer identity.

Additional Information

I fixed this in a hackish fashion at the customer site by copying EAP-Message for the REPLY attributes, to the REQUEST attributes. I then modified the _parseRequest sub to add EAP-Message to the condition to set eap_type = 1.

Tags

No tags attached.

fixed in git revision

fixed in mtn revision

Relationships

Notes
(0003033) fgaudreault (viewer) 2012-09-10 14:28	I think we should have more than just Wireless-802.11-EAP/NoEAP. We should be able to specify the EAP-Type, something like: - Wireless-802.11-NoEAP - Wireless-802.11-PEAP - Wireless-802.11-TLS - Wireless-802.11-TTLS

(0003816) lmunro (administrator) 2015-02-13 15:42	These bugs have been sitting untouched since 2012. Closing them and possibly reopening in github tracker where relevant.

Issue History
Date Modified	Username	Field	Change
2012-08-31 13:09	fgaudreault	New Issue
2012-09-10 14:28	fgaudreault	Note Added: 0003033
2012-10-19 11:26	fgaudreault	Target Version	=> general
2015-02-13 15:42	lmunro	Note Added: 0003816
2015-02-13 15:42	lmunro	Status	new => closed

Copyright © 2000 - 2012 MantisBT Group