Reply-Message and Eap
Sam Hartman
hartmans at mit.edu
Wed Mar 4 14:09:01 CET 2015
So, I understand why it would be confusing to have both a Reply-Message
and an Eap-Message in the same packet.
I'm a bit confused why it's desirable to insert an EAP failure into a
packet in an access reject case. We'd like to do a better job of error
reporting back to ABFAB clients than "Uh, it failed." For some things
we can use Error-Cause, as we discussed previously.
However it would be really nice to get a text string back too.
What I'd like to do is send back a packet with no EAP message and a
Reply-Message.
Will that break things?
Would it be reasonable to update policy to prefer keeping Reply-Message
over replacing Reply-Message with an EAP failure in the case where we're
handling a reject that currently has no EAP message at all? I.e., we
rejected before EAP got called in authorize/authenticate, or unlang
removed Eap-Message.
--Sam