RADIUS packet did not have correct Message-Authenticator
Dusty Doris
freeradius at mail.doris.cc
Fri Dec 16 21:46:52 CET 2005
> although I have not yet found the culprit, it is calming to know the reason
> behind. I have read this and that documentation about freeradius during the
> past time, but this one I think, did never cross my way. Is there a document,
> where this behaviour is described?
I believe its your users file, from your previous messages on ldap. I had
given you an example of using ldap-group to make sure you hit that
check-item you want. That worked, but now your access-accept is
cancelling the EAP. Sorry if I confused you, but I was just focusing on
the ldap part, didn't even realize there was something else going in
inside this.
Perhaps you should change it from:
DEFAULT Ldap-Group == "515", Auth-Type := Accept
Framed-Type = Framed,
Tunnel-Type:1 = VLAN,
Tunnel-Medium-Type:1 = IEEE-802,
Tunnel-Private-Group-ID:1 = 100
DEFAULT Auth-Type := Reject
To:
DEFAULT Ldap-Group == "515"
Framed-Type = Framed,
Tunnel-Type:1 = VLAN,
Tunnel-Medium-Type:1 = IEEE-802,
Tunnel-Private-Group-ID:1 = 100
DEFAULT Auth-Type := Reject
?? I have never used EAP, but I belive if you take out the Auth-Type :=
Accept, the server should pick up on the fact that it needs to do EAP and
will continue with that part. Someone else will be able to give more
insight on that part.
More information about the Freeradius-Users
mailing list