Is FreeRADIUS compliant with RFC 4186? In particular, with respect to section 10.9, which says:
The EAP server MUST obtain fresh RANDs for each EAP-SIM full
authentication exchange. More specifically, the server MUST consider
RANDs it included in AT_RAND to be consumed if the server receives an
EAP-Response/SIM/Challenge packet with a valid AT_MAC, or an
EAP-Response/SIM/Client-Error with the code "insufficient number of
challenges" or "RANDs are not fresh". However, in other cases (if
the server does not receive a response to its
EAP-Request/SIM/Challenge packet, or if the server receives a
response other than the cases listed above), the server does not need
to consider the RANDs to be consumed, and the server MAY re-use the
RANDs in the AT_RAND attribute of the next full authentication
attempt.
If it is compliant, how do I configure it to generate fresh RANDs?
Thanks,
Sateesh
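
The consumption rule quoted above can be modelled as a small per-peer state tracker. This is an added example, not part of the original message and not FreeRADIUS code; `RandTracker`, `fetch_rand` and the `kind` strings are hypothetical names, and `os.urandom` stands in for the real triplet source.

```python
import os

# Client-Error codes that consume the RANDs, named as in the quoted RFC text.
CONSUMING_ERRORS = {"insufficient number of challenges", "RANDs are not fresh"}


class RandTracker:
    """Per-peer record of which RANDs are pending and which are consumed."""

    def __init__(self, fetch_rand=lambda: os.urandom(16)):
        # fetch_rand is a hypothetical hook standing in for the triplet source.
        self._fetch = fetch_rand
        self._pending = []      # sent in AT_RAND, fate not yet decided
        self._consumed = set()  # must never be sent to this peer again

    def rands_for_challenge(self, count=3):
        """RANDs for the next EAP-Request/SIM/Challenge of a full authentication."""
        if len(self._pending) != count:  # nothing reusable: obtain fresh ones
            self._pending = []
            while len(self._pending) < count:
                rand = self._fetch()
                # Reject anything already consumed or duplicated in this set.
                if rand not in self._consumed and rand not in self._pending:
                    self._pending.append(rand)
        return list(self._pending)

    def on_result(self, kind, mac_valid=False, error=None):
        """Apply the consumption rule; return True if the RANDs were consumed.

        kind is "challenge", "client-error", "other" or "timeout".
        """
        consumed = (kind == "challenge" and mac_valid) or (
            kind == "client-error" and error in CONSUMING_ERRORS)
        if consumed:
            self._consumed.update(self._pending)
            self._pending = []
        # Any other outcome leaves the pending RANDs available for re-use.
        return consumed

    def is_consumed(self, rand):
        return rand in self._consumed
```
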