Reply-message stripped from access-reject response

Alan DeKok aland at deployingradius.com
Sat May 14 20:20:15 CEST 2011


sbcsgjmbbz at snkmail.com wrote:
> Im confused, the Packet identifier is the same. Can you explain how you
> know this. Thanks, much appreciated!

  The packets are different.  Go read them.

  Find out what is modifying the packet *after* the RADIUS server sends
the reply.  Look at the *rest* of the fields of the packet.

  i.e. most of these kinds of problems are difficult to solve because
people IGNORE information that's right in front of them.

  You've posted the RADIUS messages.  But what about src/dst IP?  Have
you verified that the packets you *think* are the same actually match
for src/dst IP, and src/dst port?  If not, why not go check?  That will
show you WHY the packets are different: they're not the same packet!

  The src/dst IP/port will also tell you WHAT is in the middle of the
RADIUS conversation.  That something is the one mangling the packets.

  Alan DeKok.



More information about the Freeradius-Users mailing list