node-radius-server icon indicating copy to clipboard operation
node-radius-server copied to clipboard

Published 20 hours ago verified publisher icon simllll

Having trouble with Windows & Android

Open afgarcia86 opened this issue 4 years ago • 5 comments

I am super excited to find this package as I am like a lost boy trying to read through the Free Radius docs.

I am trying to put together a POC using the StaticAuth which if I can get working I will replace with our custom oAuth solution. However I am hitting a wall on Windows & Android. iOS and OSX connected without issues, from what I gather Android seems to want me to install the CA pem however even after that I can't get the credentials to validate. I don't have a windows machine on me but I am pretty sure its a similar problem my co-worker was having when we were testing.

I am hoping there is just something simple I am missing and if you have anything you can share to unblock me I will be really grateful!

Thanks for sharing this package regardless, it has helped me wrap my head around Radius servers very quickly.

afgarcia86 avatar Feb 13 '21 15:02 afgarcia86

So I figured out why the StaticAuth was failing for me on Android.

The 'User-Password' buffer had extra empty bytes. I added these lines on line 17 of UserPasswordHandler.ts.

const passwordBuffer = packet.attributes['User-Password'];
const password = passwordBuffer.slice(0, passwordBuffer.indexOf(0x00));

Still need to test on Windows to confirm it was the same issue.

Any thoughts on how difficult it would be to enable PEAP authentication?

afgarcia86 avatar Feb 18 '21 19:02 afgarcia86

Feel free to open a PR to address the issue in the code base!

Regarding PEAP: PEAP itself is not the challenge, I think that would be easily possible. The main problem is that as far as I remember PEAP only works with mschapv2 on windows, and mschapv2 is not so easy to implement yourself.. if I remember correctly you need some kind of certificates, but not quite sure what made it look quite difficult.

But feel free to look into it. Try to find all related Rfcs, the radius server itself should be modular enough to extend. In case you have any specific questions, just let me know ;)

simllll avatar Feb 18 '21 20:02 simllll

So I have been giving adding PEAP a go and I have hit a wall when it comes to sending the encrypted data. I was able to get MD5 working which I realize is not widely used due to it being insecure. Going to just put my work in progress here and hopefully I can make some time to keep cracking away at this. PEAP is just the default network on android so I am hoping to get it working otherwise I imagine support will get a lot of calls from people not being able to connect to the network.

https://github.com/afgarcia86/node-radius-server/tree/eap-methods

afgarcia86 avatar Feb 23 '21 23:02 afgarcia86

Nice work! Thanks for you work! Just quickly looked over it, if you open a PR I will add some feedback if you like :)

simllll avatar Feb 24 '21 00:02 simllll

I opened a PR, I was planning on cleaning it up a lot more before actually opening it but I figure this will allow us to talk about specific areas of the code more easily. I added some comments as well.

afgarcia86 avatar Feb 24 '21 14:02 afgarcia86