EAP Session

From: Kav <Kav@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Aug 2007 17:47:13 -0700

Hello,

I'm having an issue with an aggressive EAP-TLS Radius server implementation
in that the timeout is set to 1 second with no retries. So, the very first
EAP request/Identity has an ID set to 1 and every second another request is
sent by the AP with ID+1.

My problem is, my netui username dialog is brought up because the state
machine doesn't yet have a username and there's no way of clicking OK before
the next request is sent and therefore I'm always behind.

I don't have access to the 5.0 EAP source (as I believe it's part of the
premier source) but the 4.2 has code with the following comments in eapfsm.c:
#if 0
....
#else
//
// There appear to be a lot of bad implementations out there that increment
// the ID field on retransmissions of Request/Identity packets, in violation
// of the EAP specification (RFC2284):
// "The Identifier field MUST be the same if a request packet is
// retransmitted due to a timeout while waiting for a response."
//
// So, we force our response packet to use the most recently received
request id,
// which works around these misbehaving implementations.
//
...
#endif

I don't want to post any code because I'm not sure of the licensing issues.

As you can see this is exactly what I'm interested in. Can someone please
point me to maybe a registry setting, workaround, QFE I'm unaware of? I'm
going to start the red tape process of purchasing the source but was
wondering if someone has ran into this.

As per the AP config – this is a clients infrastructure that we have 0
control over so changing the timeouts and retries is not an option.

Thanks for your help,
Chris

--

Chris Kavanagh

Software Developer
LibreStream Technologies Inc.
www.LibreStream.com
Unit 200 - 55 Rothwell Rd.
Winnipeg, Manitoba
Canada R3P 2M5

.

Follow-Ups:
- RE: EAP Session
  - From: anonymous

Prev by Date: Re: EAP-TLS with windows CE
Next by Date: Re: Incorporating a 3rd party driver into a BSP/Image
Previous by thread: RE: Problem with MSXML3.dll
Next by thread: RE: EAP Session
Index(es):
- Date
- Thread

Relevant Pages

Re: Controlling Javascript from server side
... being the default HTTP charset ever since. ... No, it does not, as the specification and the implementations differ here. ... I said that for a good reason. ... 'true' means that the request must be handled asynchronously. ...
(comp.lang.javascript)
VIA SATA Raid needs a long time to recover from suspend
... Then if there was an IO request made immediately after resuming, ... Changing the timeout resolved this. ... finally did clear) it would timeout and fail. ... It seemed the kernel ...
(Linux-Kernel)
Re: Problems with the block-layer timeouts
... clear a idea of when the timeout period should begin. ... Each request has its own timer, and as it is added to the queue, we ... What the driver chooses to do with the ...
(Linux-Kernel)
pselect() modifying timeout
... the timeout argument is made dependent on the personality. ... POSIX made the behaviour of pselectexplicit -- the ... no pre-existing implementations when pselect() was specified. ...
(Linux-Kernel)
Big Uploads with IIS 6.0
... I've already posted this question on the IIS forum, ... I have an ASP.NET application that does big uploads on ... upload fails randomly (as if the server had given up on the request). ... timeout in the web.config file, ...
(microsoft.public.dotnet.framework.aspnet)