249308 – freeradius (prior to 1.1.4) won't work with vista clients

Bug 249308 - freeradius (prior to 1.1.4) won't work with vista clients

Summary: freeradius (prior to 1.1.4) won't work with vista clients

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	freeradius
Sub Component:
Version:	5.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	John Dennis
QA Contact:
Docs Contact:
URL:	http://lists.cistron.nl/pipermail/fre...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-23 17:06 UTC by Jonathan Peatfield
Modified:	2018-10-20 01:04 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-10-15 15:12:44 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
1-liner upstream patch fixes problem (473 bytes, patch) 2008-07-09 18:34 UTC, Vince Worthington	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2008:0845	0	normal	SHIPPED_LIVE	freeradius bug fix update	2008-10-15 15:12:30 UTC

Description Jonathan Peatfield 2007-07-23 17:06:44 UTC

Description of problem:

Freeradius before 1.1.4 sends empty ACKs to clients when using EAP_TLS (and
things layerd on that).  Most clients don't mind but apparently Vista does.

Version-Release number of selected component (if applicable):

1.1.3

How reproducible:

Apparently 100%...

Steps to Reproduce:
1. connect to something authenticated by freeradius using PEAP from a Windows
Vista client
2.
3.
  
Actual results:

Fails to authenticate

Expected results:

Authenticate corectly.

Additional info:

The one line patch was included in freeradius-1.1.4 and appears to fix the
problem so e.g. upgrading to the newer version would also fix it.

The URL above contains the patch, or you can look at:

http://lists.cistron.nl/pipermail/freeradius-users/2006-November/thread.html#58500

for the thread if you prefer that view.

Comment 1 Red Hat Bugzilla 2007-09-17 05:20:58 UTC

transferred from Thomas Woerner to John Dennis, requested by Steve Grubb.

Comment 5 RHEL Program Management 2008-07-09 18:40:14 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 9 Chris Ward 2008-09-08 08:41:28 UTC

Ping. Jonathan, if we provided you an updated test rpm, would you be able to test it to verify the fix it correctly in place?

Comment 10 Jonathan Peatfield 2008-09-08 15:31:32 UTC

Not easily at the moment.  The only freeradius servers we have are currently either very much older than this running on EL3 (yes I know), or built from more recent source to avoid this particular issue and include a couple of other bug fixes which looked reasonably important.

I must admit that I'd assumed it just wasn't going to be fixed until RHEL-6 or whenever freeradius was next updated to a new version...

 -- Jon

Comment 12 errata-xmlrpc 2008-10-15 15:12:44 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0845.html

Note You need to log in before you can comment on or make changes to this bug.