Optional displayable message sent with EAP Request-Identity

Noorul Ameen T nwmagic at gmail.com
Wed Dec 31 07:33:16 EST 2008


Thanks for your reply. Yes, I am looking for exactly Option 3 in
RFC 4284. I tried as you mentioned in hostapd-0.6.6, but there are still no
identity hints in the identity request.
I tried all of the settings below in hostapd.conf. Still no luck. Logs
are appended at the end.

eap_message=hello
eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com;mnc310.mcc410.3gppnetwork.org
eap_message=hello\0NAIRealms=example.com;mnc310.mcc410.3gppnetwork.org


---------
RADIUS SRV: Received 177 bytes from 192.168.0.1:1027
RADIUS SRV: Received data - hexdump(len=177): 01 00 00 b1 02 7a 30 74
ab 85 de 8c c1 19 da 1f 1d 6a b3 47 01 22 74 65 73 74 40 75 6e 72 65
61 63 68 61 62 6c 65 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67
04 06 c0 a8 00 01 1e 0e 30 30 31 38 33 39 36 66 33 66 32 30 1f 0e 30
30 31 66 63 36 34 39 64 37 63 30 20 0e 30 30 31 38 33 39 36 66 33 66
32 30 05 06 00 00 00 1e 0c 06 00 00 05 78 3d 06 00 00 00 13 4f 27 02
00 00 25 01 74 65 73 74 40 75 6e 72 65 61 63 68 61 62 6c 65 2e 33 67
70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67 50 12 a1 6d 4a 61 bf 64 97 5b
f9 ba ba 0a d8 3d 65 c2
RADIUS message: code=1 (Access-Request) identifier=0 length=177
   Attribute 1 (User-Name) length=34
      Value: 'test@unreachable.3gppnetwork.org'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.0.1
   Attribute 30 (Called-Station-Id) length=14
      Value: '0018396f3f20'
   Attribute 31 (Calling-Station-Id) length=14
      Value: '001fc649d7c0'
   Attribute 32 (NAS-Identifier) length=14
      Value: '0018396f3f20'
   Attribute 5 (NAS-Port) length=6
      Value: 30
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 79 (EAP-Message) length=39
      Value: 02 00 00 25 01 74 65 73 74 40 75 6e 72 65 61 63 68 61 62
6c 65 2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67
   Attribute 80 (Message-Authenticator) length=18
      Value: a1 6d 4a 61 bf 64 97 5b f9 ba ba 0a d8 3d 65 c2
RADIUS SRV: Creating a new session
RADIUS SRV: User-Name - hexdump_ascii(len=32):
     74 65 73 74 40 75 6e 72 65 61 63 68 61 62 6c 65   test@unreachable
     2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67   .3gppnetwork.org
RADIUS SRV: Matching user entry found
EAP: Server state machine created
RADIUS SRV: New session 0x0 initialized
RADIUS SRV: Received EAP data - hexdump(len=37): 02 00 00 25 01 74 65
73 74 40 75 6e 72 65 61 63 68 61 62 6c 65 2e 33 67 70 70 6e 65 74 77
6f 72 6b 2e 6f 72 67
EAP: EAP entering state INITIALIZE
EAP: parseEapResp: rxResp=1 respId=0 respMethod=1 respVendor=0
respVendorMethod=0
EAP: EAP entering state PICK_UP_METHOD
EAP: EAP entering state METHOD_RESPONSE
EAP-Identity: Peer identity - hexdump_ascii(len=32):
     74 65 73 74 40 75 6e 72 65 61 63 68 61 62 6c 65   test@unreachable
     2e 33 67 70 70 6e 65 74 77 6f 72 6b 2e 6f 72 67   .3gppnetwork.org
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: another method available -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 1
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 1
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
RADIUS SRV: EAP data from the state machine - hexdump(len=5): 01 01 00 05 01
RADIUS SRV: Reply to 192.168.0.1:1027
RADIUS message: code=11 (Access-Challenge) identifier=0 length=51
   Attribute 24 (State) length=6
      Value: 00 00 00 00
   Attribute 79 (EAP-Message) length=7
      Value: 01 01 00 05 01
   Attribute 80 (Message-Authenticator) length=18
      Value: 31 a4 b4 17 1c ee 78 e8 8d d5 55 2c 54 5b 73 53



On Fri, Dec 26, 2008 at 11:59 PM, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Dec 23, 2008 at 06:51:34PM +0530, Noorul Ameen T wrote:
>
>> I configured linksys ap in enterprise mode and hostapd as a radius server.
>> How to make hostapd to send Identity hints (eap_message=hello in
>> hostapd.conf) if the connected user is not found in hostapd.eap_user
>> file? In other words, for the Unknown identity I want the server to
>> send the optional displayable message with EAP Request-Identity.
>
> I'm assuming you are talking about the delivery option 3 described in
> RFC 4284 appendix. Only the option 1 (EAP-Request/Identity from the
> AP/Authenticator) was previously supported, so you would have needed to
> configure this in the AP. Anyway, I added support for option 3 into
> hostapd now, so you should be able to do this with the current 0.6.x
> snapshot version from the git tree.
>
> This is configured by adding a eap_user file entry that is pointing to
> Identity method and configuring eap_message in hostapd.conf in the same
> way as it is done for the AP/Authenticator delivery. Here's an example
> eap_user file I used when testing this:
>
> "user@example.com"      MD5     "password"
> *       Identity
>
> --
> Jouni Malinen                                            PGP id EFC895FA
>
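
A way to check from the debug log whether an EAP-Request/Identity carries a displayable message and RFC 4284 hints, as an added example that is not part of the original post or of hostapd. The function names are hypothetical, and the hint layout after the NUL byte (comma-separated name=value pairs, `;`-separated realms) is assumed from the eap_message values quoted in the post.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1


def build_identity_request(ident, type_data):
    """Return a constructed EAP-Request/Identity as log-style spaced hex."""
    pkt = struct.pack("!BBHB", 1, ident, 5 + len(type_data), EAP_TYPE_IDENTITY)
    return (pkt + type_data).hex(" ")


def parse_eap_identity(hex_dump):
    """Decode EAP Identity packet bytes copied from a hostapd hexdump line."""
    pkt = bytes.fromhex(hex_dump)
    if len(pkt) < 5:
        raise ValueError("too short for an EAP packet with a Type field")
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if length < 5 or length > len(pkt):
        raise ValueError("EAP Length field does not match the data")
    if eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP Identity packet")
    # Type-Data: displayable text, then (optionally) NUL and the hint string.
    text, _, hints_raw = pkt[5:length].partition(b"\x00")
    hints = {}
    # Assumption: comma-separated name=value pairs, as in the post's eap_message.
    for item in hints_raw.decode("utf-8", "replace").split(","):
        name, eq, value = item.partition("=")
        if eq:
            hints[name] = value
    return {
        "code": EAP_CODES.get(code, code),
        "id": ident,
        "message": text.decode("utf-8", "replace"),
        "hints": hints,
        "realms": [r for r in hints.get("NAIRealms", "").split(";") if r],
    }


# Copied from the log above: "EAP data from the state machine".
LOGGED_REQUEST = "01 01 00 05 01"
# Constructed sample (assumes "\0" in eap_message becomes one NUL byte).
EXPECTED_REQUEST = build_identity_request(
    1, b"hello\x00NAIRealms=example.com;mnc310.mcc410.3gppnetwork.org")

if __name__ == "__main__":
    for name, dump in (("logged", LOGGED_REQUEST), ("expected", EXPECTED_REQUEST)):
        print(name, parse_eap_identity(dump))
```

The logged request decodes to an empty message with no hints, because its Length field is 5 and leaves no room for Type-Data.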

