Hi Matthew, Yes, you are correct. But in case of MAC-AUTH which is doing PAP authentication, Access-Reject is sent. FreeRadius should have dropped the request without sending Access-Reject right? Can we make FreeRadius not reply in case MAC-auth if shared secret is wrong. Best Regards Phani On Sun, Apr 14, 2019 at 2:57 PM Matthew Newton <mcn@freeradius.org> wrote:
On Sun, 2019-04-14 at 14:48 -0700, Phani Siriki wrote:
My main question is, why does FreeRadius not send Access-Reject(if shared secret is not correct) when I try to do EAP authentication?
Because the shared secret is wrong.
(2) Received Access-Request Id 1 from 172.24.85.69:60091 to 172.24.66.67:1812 length 141 Dropping packet without response because of error: Received packet from 172.24.85.69 with invalid Message-Authenticator! (Shared secret is incorrect.)
This should be clear enough: the request was dropped. There's nothing to process so no reply is sent.
-- Matthew
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html