RADIUS packet did not have correct Message-Authenticator

Dusty Doris freeradius at mail.doris.cc
Fri Dec 16 21:46:52 CET 2005


> although I have not yet found the culprit, it is calming to know the reason 
> behind.  I have read this and that documentation about freeradius during the 
> past time, but this one I think, did never cross my way. Is there a document, 
> where this behaviour is described?

I believe its your users file, from your previous messages on ldap.  I had 
given you an example of using ldap-group to make sure you hit that 
check-item you want.  That worked, but now your access-accept is 
cancelling the EAP.  Sorry if I confused you, but I was just focusing on 
the ldap part, didn't even realize there was something else going in 
inside this.

Perhaps you should change it from:

DEFAULT Ldap-Group == "515", Auth-Type := Accept
        Framed-Type = Framed,
        Tunnel-Type:1 = VLAN,
        Tunnel-Medium-Type:1 = IEEE-802,
        Tunnel-Private-Group-ID:1 = 100

DEFAULT Auth-Type := Reject

To:
DEFAULT Ldap-Group == "515"
        Framed-Type = Framed,
        Tunnel-Type:1 = VLAN,
        Tunnel-Medium-Type:1 = IEEE-802,
        Tunnel-Private-Group-ID:1 = 100


DEFAULT Auth-Type := Reject


?? I have never used EAP, but I belive if you take out the Auth-Type := 
Accept, the server should pick up on the fact that it needs to do EAP and 
will continue with that part.  Someone else will be able to give more 
insight on that part.



More information about the Freeradius-Users mailing list