Description of problem:
Freeradius before 1.1.4 sends empty ACKs to clients when using EAP_TLS (and
things layerd on that). Most clients don't mind but apparently Vista does.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. connect to something authenticated by freeradius using PEAP from a Windows
Fails to authenticate
The one line patch was included in freeradius-1.1.4 and appears to fix the
problem so e.g. upgrading to the newer version would also fix it.
The URL above contains the patch, or you can look at:
for the thread if you prefer that view.
transferred from Thomas Woerner to John Dennis, requested by Steve Grubb.
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Ping. Jonathan, if we provided you an updated test rpm, would you be able to test it to verify the fix it correctly in place?
Not easily at the moment. The only freeradius servers we have are currently either very much older than this running on EL3 (yes I know), or built from more recent source to avoid this particular issue and include a couple of other bug fixes which looked reasonably important.
I must admit that I'd assumed it just wasn't going to be fixed until RHEL-6 or whenever freeradius was next updated to a new version...
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.