FreeRadius sends Access-Reject for MAC-AUTH, if shared secret on NAS and server differ

Alan DeKok aland at
Mon Apr 15 01:52:47 CEST 2019

> On Apr 14, 2019, at 7:43 PM, Phani Siriki <yvsg.phanis at> wrote:
> Hi Alan
> Need some inputs on Message-Authenticator attribute. For PAP, is it
> recommended to send this attribute from NAS?

  RFC 5080 Section 2.2.2 (note the author) says:

   Client implementations SHOULD include a Message-Authenticator
   attribute in every Access-Request to further help mitigate this

  Though vendors are well known for ignoring 10-year-old standards.

  Alan DeKok.
