From 709ae17b03fc9f41a5bc043f3e4ec481ef70ffd9 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Wed, 3 Aug 2016 08:52:30 +0200
Subject: [PATCH] pull NEAT fix from v4.0.x branch
---
 .../rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
index 223456c0b97..c1a00450e64 100644
--- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
+++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c
@@ -545,8 +545,15 @@ failure:
 * The 'value_size' is the size of the response,
 * which is supposed to be the response (48
 * bytes) plus 1 byte of flags at the end.
+ *
+ * NOTE: When using Cisco NEAT with EAP-MSCHAPv2, the
+ * switch supplicant will send MSCHAPv2 data (EAP type = 26)
+ * but will always set a value_size of 16 and NULL out the
+ * peer challenge.
+ *
 */
- if (eap_ds->response->type.data[4] != 49) {
+ if ((eap_ds->response->type.data[4] != 49) &&
+ (eap_ds->response->type.data[4] != 16)) {
 REDEBUG("Response is of incorrect length %d", eap_ds->response->type.data[4]);
 return 0;
 }
-- 
2.47.3
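Review bot: Accepting a value_size of 16 in the new condition relaxes the only length gate visible in this hunk, and nothing shown here ties the shorter value to the bytes actually present or to how the response is parsed afterwards. The enclosing function starts and ends outside the hunk, so confirm that every later length check and every read of the response fields uses the accepted value_size rather than assuming the 49-byte layout; otherwise a 16-byte value could pass this test and then be read as if it were 49 bytes. The condition also has no peer or configuration check, so the 16-byte form is accepted from any supplicant, not only NEAT switches, and the comment should say so. Reading the field once would make the intent clearer, e.g. `uint8_t value_size = eap_ds->response->type.data[4];` followed by `if ((value_size != 49) && (value_size != 16)) {`, ideally with named constants in place of the bare 49 and 16.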