RADIUS packet did not have correct Message-Authenticator
Alan DeKok
aland at ox.org
Fri Dec 16 19:42:47 CET 2005
Norbert Wegener <nw at sbs.de> wrote:
> I do not see the usual eap messages flying around, but nevertheless
> radius sends an Access-Accept:
...
> modcall: leaving group authorize (returns updated) for request 0
> rad_check_password: Found Auth-Type Accept
Who sets that? The server doesn't do that by default.
Some part of your configuration sets Auth-Type := Accept. As a
result, the EAP module is not run during the "authenticate" stage, and
no EAP-Message (or Message-Authenticator) gets sent back in the
Access-Accept.
I suggest walking through the debug log, looking at each module
that's mentioned. Run the LDAP queries by hand, to see if they return
Auth-Type = Accept. Look at the "users" file entries.
My guess is that the entry at line 25 of the "users" file has the Accept.
Alan DeKok.
More information about the Freeradius-Users
mailing list