Cool....  Thanks a lot for the quick response and info...  :-)

Thanks,
-Sanal

On Mon, Dec 12, 2011 at 6:36 PM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,

>    Would like to know why Free Radius is putting the user configuration data
>    in Access Challenge ?

as per attrs.access_challenge


#       This configuration file is used to remove almost all of the
#       attributes From an Access-Challenge message.  The RFC's say
#       that an Access-Challenge packet can contain only a few
#       attributes.  We enforce that here.
#
DEFAULT
       EAP-Message =* ANY,
       State =* ANY,
       Message-Authenticator =* ANY,
       Reply-Message =* ANY,
       Proxy-State =* ANY,
       Session-Timeout =* ANY,
       Idle-Timeout =* ANY

this would suggest strongly that you arent actually USING this filter to
follow the RFCs that you are so strongly advocating in your post - this
filter file is define in modules/attrs

attr_filter attr_filter.access_challenge {
       key = %{User-Name}
       attrsfile = ${confdir}/attrs.access_challenge
}



now....read the sites-enabled/default as provided with the server, scroll
down to the 'eap' authentication and then you'll see the next 12 lines have
the bit that will enable this filter.  its commented out by default because
its an RFC that not many people care about (having seen junk from IAS/NPS and
ACS, FreeRADIUS is already *quite* RFC compliant without tis extra bit of OCD  ;-)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html