<muralidhar.gangaraju@wipro.com> wrote:
We are using FreeRADIUS server for one of our requirements and we saw freeradius server sending a reject packet with zero length attributes.
Do you have example packets?
Could anybody of u can help me in understanding in what circumstances FreeRadius server will send a reject packet with zero length attributes in between the access challenges OR access requests.
It happens when you configure it to send zero-length attributes...
In the normal scenario when the password or certificate mismatch is found the FreeRADIUS sends an access-Reject packet with EAP-Message and message Authenticator. But in the below case it does not send any attributes.
Access-Reject packets are normally empty. They do *not* contain zero-length attributes, they contain *no* attributes.
One such instance where we observed radius server sending reject packet with zero attributes is as follows.
...
rlm_realm: No '@' in User-Name =3D "root", looking up realm NULL rlm_realm: No such realm "NULL"
Please let me know if u need any more information.
The debug log you posted doesn't show the server sending ANY response. And an Access-Reject with no attributes is fine. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog