reply-attributes are not set in the ACCES-ACCEPT

Alex Mija alexandru.mija at alcatel-lucent.ro
Fri May 9 09:29:01 CEST 2008 

Hello,
I try to authenticate (using freeradius 102)to a freeradius server . My user
entry in the users file looks like this:

user2   User-Password := "alcatel"
     Session-Timeout = 3600,
     Termination-Action = 1,
#        Class = 0x1234567890,
#        User-Name = "accounting",
     Service-Flow-Descriptor =
0x000104008302040083040303050304060301070383080384,
     QoS-Descriptor += 0x000103830403020606000F40000c0302,
     QoS-Descriptor += 0x000103840403020606001F40000c0302

When I use TTLS with  CHAP  it works fine.
BUT When I use TTLS with MSCHAPv2 in ACCESS-ACCEPT message I can't see any
of the attributes I set in the reply list of items from the users file.

Here is the ACCESS-ACCEPT I get for TTLS with CHAP:
Sending Access-Accept of id 5 to 10.10.10.30:36608
     Session-Timeout = 3600
     Termination-Action = RADIUS-Request
     Service-Flow-Descriptor =
0x000104008302040083040303050304060301070383080384
     QoS-Descriptor += 0x000103830403020606000f40000c0302
     QoS-Descriptor += 0x000103840403020606001f40000c0302
     MS-MPPE-Recv-Key =
0x8a3b613e1d64e0a0336d2e60e2fb0632b6a43cc6b3d5d2b4e5567d1a96192ce4
     MS-MPPE-Send-Key =
0x6e80df49b3c1508922184f681e1ce50d92c8be285caffd8ade63819b62a39f71
     EAP-Message = 0x03b80004
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = "anonymous"
     State = 0x2c1b82994bd0419cabdcaf1926213bd5
Finished request 4

And here is the ACCESS-ACCEPT I get for TTLS with MSCHAPv2:
Sending Access-Accept of id 5 to 10.10.10.40:42816
     MS-MPPE-Recv-Key =
0x1da9c1c1e531f3196e83dfc1916b5b3a86b495ab8e2af29713c599be4bdfbbfd
     MS-MPPE-Send-Key =
0xe1059cf8c3c43acb40917d40d11f75b38d3ebcdd7ff3c8ce50555cfed46e286b
     EAP-Message = 0x03c20004
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = "anonymous"
     State = 0x84615d95aae822404e0a3e27f174ea81
Finished request 4

Could anyone tell me why in the second case the reply attributes are not
included in ACCESS-ACCEPT?

Regards,
Alex

More information about the Freeradius-Users mailing list