Reject packet with zero length
Hi all, We are using FreeRADIUS server for one of our requirements and we saw freeradius server sending a reject packet with zero length attributes. Could anybody of u can help me in understanding in what circumstances FreeRadius server will send a reject packet with zero length attributes in between the access challenges OR access requests. In the normal scenario when the password or certificate mismatch is found the FreeRADIUS sends an access-Reject packet with EAP-Message and message Authenticator. But in the below case it does not send any attributes. One such instance where we observed radius server sending reject packet with zero attributes is as follows. Going to the next request Cleaning up request 17 ID 243 with timestamp 44dd6e90 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 246 to 10.201.114.29:1050 Waking up in 4 seconds... rad_recv: Access-Request packet from host 10.201.114.29:1050, id=165, length=158 NAS-IP-Address = 10.201.114.147 NAS-Port = 2 Framed-MTU = 1388 NAS-Port-Type = Wireless-802.11 Service-Type = 128 Called-Station-Id = "60-c4-b6-48-80-00:" Calling-Station-Id = "fc-50-d1-ba-70-00" NAS-Port-Id = "fc-50-d1-ba-70-00" State = 0xe92296731885b23183f47834fb748272 User-Name = "root" EAP-Message = 0x020500060d00 Message-Authenticator = 0x035037019647238daa63c6f29829afd2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 rlm_realm: No '@' in User-Name = "root", looking up realm NULL rlm_realm: No such realm "NULL" Please let me know if u need any more information. Thanks in advance. Regards, G Muralidhar Raju. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
<muralidhar.gangaraju@wipro.com> wrote:
We are using FreeRADIUS server for one of our requirements and we saw freeradius server sending a reject packet with zero length attributes.
Do you have example packets?
Could anybody of u can help me in understanding in what circumstances FreeRadius server will send a reject packet with zero length attributes in between the access challenges OR access requests.
It happens when you configure it to send zero-length attributes...
In the normal scenario when the password or certificate mismatch is found the FreeRADIUS sends an access-Reject packet with EAP-Message and message Authenticator. But in the below case it does not send any attributes.
Access-Reject packets are normally empty. They do *not* contain zero-length attributes, they contain *no* attributes.
One such instance where we observed radius server sending reject packet with zero attributes is as follows.
...
rlm_realm: No '@' in User-Name =3D "root", looking up realm NULL rlm_realm: No such realm "NULL"
Please let me know if u need any more information.
The debug log you posted doesn't show the server sending ANY response. And an Access-Reject with no attributes is fine. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
muralidhar.gangaraju@wipro.com