Re: IAS WPS Extension DLL With EAP-TLV URI AVP Using Guest Authentication



Thank you Eliot
I now have my DLL working.

Now the problem is when a user tries to log on as domain\username and that
domain is not recognized by IAS.
IAS never accepts, never rejects, never sends the PEAP-TLV RESULT.
I'm now working on a way to force IAS to reject in the Authentication phase so the
expected attributes can appear in the Authorization phase.
This problem occurs when the user associates with the SSID manually or changes
some settings.

I think that I need to change the domain name part to one for which IAS could
execute an LDAP request.

Many thanks again for your collaboration on my project.

Washington Moreira



<egable@xxxxxxxxx> wrote in message
news:1133815237.432016.199330@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>I have solved the problem!
>
> First, the documentation is incorrect on many issues.
>
> 1) The Mandatory field must be set to 0, not 1.
> 2) The size of the TLVValueLength field is 16 bits (2 bytes) not UCHAR
> (1 byte).
> 3) The EAP-TLV Status message is in the Access-Request attributes [ie
> pECB->GetRequest(pECB)], not the response attributes [ie
> pECB->GetResponse(pECB, rcAccessChallenge)].
> 4) To modify the success message in place, you should set
> pAttr->lpValue[5] = 1
> 5) The lpValue attribute is a constant and you cannot do #4. You must
> create a non-const pointer to the lpValue to modify it: char* data =
> (char*)pAttr->lpValue; data[5] = 1
> 6) The Reject-Reason code is not part of an Access-Reject packet. It is
> in the _request_ attributes inside the packet that contains the EAP-TLV
> Status message.
>
> Once those are straightened out, you can move forward. The next step is
> that, instead of creating a structure for the packet with a static
> length on the URL, you will need a dynamic length. So, just do this:
>
> pInRespAttrs = pECB->GetResponse(pECB, rcAccessChallenge);
> /* The length field is 16 bits (point 2), so size it as USHORT, not UCHAR. */
> usTLVValueLength = (USHORT) strlen(url);
> euEAPTLV = (char*) RadiusAlloc(4 + usTLVValueLength);
> ZeroMemory(euEAPTLV, 4 + usTLVValueLength);
> euEAPTLV[0] = 0;                               /* Mandatory = 0 (point 1) */
> euEAPTLV[1] = 8;                               /* TLV type */
> euEAPTLV[2] = (char)(usTLVValueLength >> 8);   /* length, high byte */
> euEAPTLV[3] = (char)(usTLVValueLength & 0xFF); /* length, low byte */
> /* memcpy, not strcpy: the buffer is exactly 4 + length bytes, so there is
>    no room for the terminating NUL that strcpy would write. */
> memcpy(&euEAPTLV[4], url, usTLVValueLength);
>
> /* Fill in the RADIUS_ATTRIBUTE struct. */
> raEAPTLV.dwAttrType = ratEAPTLV;
> raEAPTLV.fDataType = rdtString;
> raEAPTLV.cbDataLength = 4 + usTLVValueLength;
> raEAPTLV.lpValue = (PCSTR) euEAPTLV;
>
> /* Add as the ratPEAPTLV URI TLV. */
> dwIndex = pInRespAttrs->GetSize(pInRespAttrs) - 1;
> pInRespAttrs->InsertAt(pInRespAttrs, dwIndex, &raEAPTLV);
>
>
> Enjoy!
>
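
As an added example, not code from this thread or from the IAS SDK, here is a small encoder and decoder for the EAP-TLV layout the quoted post pins down: Mandatory bit clear, 14-bit type, 16-bit big-endian length, and a value buffer sized to exactly 4 + length bytes (hence memcpy rather than strcpy, since there is no room for a terminating NUL). Type 8 is assumed to be the URI TLV as the post uses it, and the guest URL is a constructed sample.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define EAPTLV_TYPE_URI 8   /* the TLV type value the post uses (assumption) */
#define EAPTLV_HDR_LEN  4   /* M/R/Type (2 bytes) + 16-bit length */
/* Encode one TLV into a malloc'd buffer of exactly 4 + value_len bytes: the
 * Mandatory bit stays clear (point 1), the length is 16-bit big-endian
 * (point 2), and memcpy replaces strcpy because there is no room for a NUL. */
uint8_t *eaptlv_build(uint16_t type, const uint8_t *value, size_t value_len,
                      size_t *out_len)
{
    if (value_len > 0xFFFF || (type & 0xC000)) return NULL; /* field limits */
    uint8_t *p = calloc(EAPTLV_HDR_LEN + value_len, 1);
    if (!p) return NULL;
    p[0] = (uint8_t)(type >> 8);        /* M=0, R=0, top 6 bits of type */
    p[1] = (uint8_t)(type & 0xFF);
    p[2] = (uint8_t)(value_len >> 8);   /* length, high byte first */
    p[3] = (uint8_t)(value_len & 0xFF);
    memcpy(p + EAPTLV_HDR_LEN, value, value_len);
    *out_len = EAPTLV_HDR_LEN + value_len;
    return p;
}
/* Decode one TLV: 0 on success, -1 if the buffer is shorter than a header or
 * the declared length overruns it (check this before trusting the length). */
int eaptlv_parse(const uint8_t *buf, size_t buf_len, int *mandatory,
                 uint16_t *type, const uint8_t **value, uint16_t *value_len)
{
    if (buf_len < EAPTLV_HDR_LEN) return -1;
    uint16_t len = (uint16_t)((buf[2] << 8) | buf[3]);
    if ((size_t)len > buf_len - EAPTLV_HDR_LEN) return -1;
    *mandatory = (buf[0] & 0x80) != 0;
    *type = (uint16_t)(((buf[0] & 0x3F) << 8) | buf[1]);
    *value = buf + EAPTLV_HDR_LEN;
    *value_len = len;
    return 0;
}
/* Round-trip a constructed guest URL; returns 1 if decode matches encode,
 * a truncated buffer is rejected, and an oversize value is refused. */
int eaptlv_selfcheck(void)
{
    static const char url[] = "http://guest.example.test/login"; /* constructed */
    size_t n; int m; uint16_t ty, vl; const uint8_t *v;
    uint8_t *t = eaptlv_build(EAPTLV_TYPE_URI, (const uint8_t *)url, strlen(url), &n);
    if (!t) return 0;
    int ok = eaptlv_parse(t, n, &m, &ty, &v, &vl) == 0 && m == 0 &&
             ty == EAPTLV_TYPE_URI && vl == strlen(url) &&
             n == EAPTLV_HDR_LEN + strlen(url) && memcmp(v, url, vl) == 0 &&
             eaptlv_parse(t, n - 1, &m, &ty, &v, &vl) == -1 &&  /* truncated */
             eaptlv_build(ty, v, 0x10000, &n) == NULL;          /* oversize */
    free(t); return ok;
}
```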

