p.l · @artlog
23 followers · 344 posts · Server linuxrocks.online

After an epic fight I found out how to test a server in EAP-TTLS/PAP mode using Vendor-Specific attributes for authorization.

This was all about encoding a Vendor-Specific Attribute to pass to the -N 26:x:somethinginhex option.

All was about this somethinginhex.

The Vendor-Specific attribute is encoded as:

|26 (1 byte)|Length (1 byte)|Vendor Id (4 bytes, big endian)|Vendor type/attribute (1 byte)|Vendor Length (1 byte) = 2 + length of (Value)|Value|

If the "2 + length of value" rule is not respected, the Vendor-Specific attribute is not detected and will remain as an Att-26 in freeradius.

Since the 2 bytes |26|Length| are already handled by eapol, it remains to correctly enter the rest in hex form.

This was my entry point :
hostap.shmoo.narkive.com/0FEiW

Together with the RFC, rfc-editor.org/rfc/rfc2865, where unfortunately Vendor length was not explained.

I read the freeradius code too, but it was more complex than expected, due to the implementation of newer extended attribute formats.

#eapol_test #freeradius

Last updated 3 years ago
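
An added example, not part of the original post: a small Python helper that builds the somethinginhex part for -N 26:x:... from the layout above, and a parser that rejects a payload whose Vendor Length is wrong. The vendor id 32473 (the enterprise number reserved for documentation), the vendor type 1 and the value "admin" are constructed sample values, and the parser assumes one sub-attribute per Vendor-Specific attribute.

```python
import struct

VENDOR_SPECIFIC = 26  # outer type; per the post, |26|Length| is added by eapol itself


def vsa_hex(vendor_id: int, vendor_type: int, value: bytes) -> str:
    """Return Vendor Id + vendor type + Vendor Length + value as a hex string."""
    if not 0 <= vendor_id <= 0xFFFFFFFF or not 0 <= vendor_type <= 0xFF:
        raise ValueError("vendor id or vendor type out of range")
    vendor_len = 2 + len(value)  # counts the type and length bytes themselves
    # Outer attribute is 2 (type + Length) + 4 (Vendor Id) + vendor_len, max 255.
    if 6 + vendor_len > 255:
        raise ValueError("value too long for one Vendor-Specific attribute")
    return (struct.pack(">IBB", vendor_id, vendor_type, vendor_len) + value).hex()


def parse_vsa_hex(payload_hex: str):
    """Decode such a payload; raise if Vendor Length does not match the data."""
    raw = bytes.fromhex(payload_hex)
    if len(raw) < 6:
        raise ValueError("too short for Vendor Id + type + Vendor Length")
    vendor_id, vendor_type, vendor_len = struct.unpack(">IBB", raw[:6])
    if vendor_len != len(raw) - 4:  # everything after the 4-byte Vendor Id
        raise ValueError(f"Vendor Length {vendor_len}, expected {len(raw) - 4}")
    return vendor_id, vendor_type, raw[6:]


if __name__ == "__main__":
    payload = vsa_hex(32473, 1, b"admin")  # constructed sample values
    print(f"-N {VENDOR_SPECIFIC}:x:{payload}")
    print(parse_vsa_hex(payload))
```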