Bug 2014525 - Freeradius EAP-TTLS-MSCHAPv2 doesn't work
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: freeradius
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Antonio Torres
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1978216
 
Reported: 2021-10-15 13:37 UTC by Filip Dvorak
Modified: 2022-01-12 13:31 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-01-12 13:31:23 UTC
Type: Bug
Embargoed:


Attachments
EAPOL conf file + output from test (45.86 KB, text/plain)
2021-10-15 13:37 UTC, Filip Dvorak


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FREEIPA-7090 0 None None None 2021-10-15 13:39:21 UTC

Description Filip Dvorak 2021-10-15 13:37:23 UTC
Created attachment 1833438
EAPOL conf file + output from test

Description of problem:
The eapol test fails with the EAP-TTLS-MSCHAPv2 authentication mechanism in Fedora.


Version-Release number of selected component (if applicable):
freeradius-3.0.25-1.fc36.x86_64
openssl-3.0.0-1.fc36.x86_64
wpa_supplicant-2.9-16.fc36.x86_64

How reproducible:


Steps to Reproduce:
1. install freeradius, wpa_supplicant
2. generate certificates via bootstrap script, add user into /etc/raddb/user
3. run radiusd
4. run eapol test /usr/sbin/eapol_test -c EAP-TTLS_MSCHAPV2.conf -s testing123

Actual results:
...
RADIUS packet matching with station
decapsulated EAP packet (code=4 id=238 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0  mismatch: 1
FAILURE


Expected results:
The eapol test should pass for the EAP-TTLS-MSCHAPv2 mechanism.

Additional info:

Comment 1 Antonio Torres 2022-01-12 13:31:23 UTC
The future upstream release 3.0.26 contains fixes related to OpenSSL3 support that fix this issue. Closing this BZ as the fixes will get into Rawhide when 3.0.26 releases.
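
An added example, not part of the bug report and not code from FreeRADIUS or wpa_supplicant: a small parser that reduces eapol_test output like the "Actual results" above to the fields that matter for triage (final EAP code, EAP method, MPPE key counters, verdict), so a regression job can tell a server-sent EAP-Failure apart from a key mismatch after EAP-Success. The sample lines are taken from the report; the function names and triage labels are assumptions of this example.

```python
import re

# Tail of an eapol_test run; these lines are taken from "Actual results" above.
SAMPLE = """\
decapsulated EAP packet (code=4 id=238 len=4) from RADIUS server: EAP Failure
EAP: Received EAP-Failure
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
MPPE keys OK: 0  mismatch: 1
FAILURE
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
PKT_RE = re.compile(r"decapsulated EAP packet \(code=(\d+) id=(\d+) len=(\d+)\)")
METHOD_RE = re.compile(r"EAP method \((\d+), ([\w-]+)\)")
MPPE_RE = re.compile(r"MPPE keys OK:\s*(\d+)\s+mismatch:\s*(\d+)")


def summarize(output):
    """Collect the fields that show how an eapol_test run ended."""
    s = {"last_eap": None, "method": None, "mppe_ok": None,
         "mppe_mismatch": None, "verdict": None}
    for line in output.splitlines():
        line = line.strip()
        pkt, meth, mppe = PKT_RE.search(line), METHOD_RE.search(line), MPPE_RE.search(line)
        if pkt:  # later matches overwrite earlier ones: the last packet carries the final code
            code = int(pkt.group(1))
            s["last_eap"] = EAP_CODES.get(code, "code %d" % code)
        if meth:
            s["method"] = (int(meth.group(1)), meth.group(2))
        if mppe:
            s["mppe_ok"], s["mppe_mismatch"] = int(mppe.group(1)), int(mppe.group(2))
        if line in ("SUCCESS", "FAILURE"):
            s["verdict"] = line
    return s


def classify(s):
    """Hypothetical triage labels for a CI job; the names are this example's own."""
    if s["verdict"] == "SUCCESS":
        return "pass"
    if s["last_eap"] == "Failure":
        return "rejected-by-server"
    if s["last_eap"] == "Success" and s["mppe_mismatch"]:
        return "key-mismatch"
    return "incomplete"


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print(summary, classify(summary))
```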

