Current status of freeradius v4

Jan-Frederik Rieckers rieckers+freeradius-devel at
Fri Jul 26 15:04:36 CEST 2019

I'll set up a set of docker containers to test some different use cases
I can imagine when dealing with RADIUS proxying in eduroam.

Probably this will take the next week, when I'm ready I'll post a link
where you can try out all these things.

With the current master I still have the problem that, if I omit the
"if (updated)"-Section freeradius sends out Access-Reject when getting
an Access-Challenge. When I put the "if(updated)" section there, it
sends out the Access-Challenge, but with incorrect Message Authenticator
and I haven't foud a way to tell my check script to ignore the Message
Authenticator, so I haven't tested it further yet.

I currently can't post the radius debug output, I'll probably do that in
a few days, when I had the time to create a setup without any production
secrets inside the configuration.

Jan-Frederik Rieckers

On 26.07.19 00:20, Alan DeKok wrote:
> On Jul 24, 2019, at 2:11 PM, Jan-Frederik Rieckers <rieckers+freeradius-devel at> wrote:
>> I've tried these "fixes":
>> * Leave everything as it is
>> * Remove the update{} section
>> * Add the "ok" after the update{}
>> All of these fixes don't work.
>   Which means... what?
>> When I run eapol_test, it tells me for the reply
>> Invalid Message-Authenticator!
>> Incoming RADIUS packet did not have correct Message-Authenticator - dropped
>> So it seems to be a problem with message authenticator also?
>   Yes, it's not creating a Message-Authenticator attribute for proxied replies that have EAP-Message. 
>   I've pushed a fix.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Devel mailing list