RADIUS packet did not have correct Message-Authenticator
Norbert Wegener
nw at sbs.de
Fri Dec 16 20:59:27 CET 2005
Alan DeKok wrote:
>Norbert Wegener <nw at sbs.de> wrote:
>
>
>>I do not see the usual eap messages flying around, but nevertheless
>>radius sends an Access-Accept:
>>
>>
>...
>
>
>>modcall: leaving group authorize (returns updated) for request 0
>> rad_check_password: Found Auth-Type Accept
>>
>>
>
> Who sets that? The server doesn't do that by default.
>
> Some part of your configuration sets Auth-Type := Accept. As a
>result, the EAP module is not run during the "authenticate" stage, and
>no EAP-Message (or Message-Authenticator) gets sent back in the
>Access-Accept.
>
> I suggest walking through the debug log, looking at each module
>that's mentioned. Run the LDAP queries by hand, to see if they return
>Auth-Type = Accept. Look at the "users" file entries.
>
> My guess is that the entry at line 25 of the "users" file has the Accept.
>
> Alan DeKok.
>
>
Thank you Alan,
although I have not yet found the culprit, it is calming to know the
reason behind. I have read this and that documentation about freeradius
during the past time, but this one I think, did never cross my way. Is
there a document, where this behaviour is described?
Norbert Wegener
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list