RADIUS packet did not have correct Message-Authenticator
Norbert Wegener
nw at sbs.de
Sat Dec 17 09:02:46 CET 2005
I must have been blind, as I permanently overlooked the existance of
Auth-Type := Accept.
Your suggestion solved the problem immediately.
Thank you very much.
Norbert
Dusty Doris wrote:
>> although I have not yet found the culprit, it is calming to know the
>> reason behind. I have read this and that documentation about
>> freeradius during the past time, but this one I think, did never
>> cross my way. Is there a document, where this behaviour is described?
>
>
> I believe its your users file, from your previous messages on ldap. I
> had given you an example of using ldap-group to make sure you hit that
> check-item you want. That worked, but now your access-accept is
> cancelling the EAP. Sorry if I confused you, but I was just focusing
> on the ldap part, didn't even realize there was something else going
> in inside this.
>
> Perhaps you should change it from:
>
> DEFAULT Ldap-Group == "515", Auth-Type := Accept
> Framed-Type = Framed,
> Tunnel-Type:1 = VLAN,
> Tunnel-Medium-Type:1 = IEEE-802,
> Tunnel-Private-Group-ID:1 = 100
>
> DEFAULT Auth-Type := Reject
>
> To:
> DEFAULT Ldap-Group == "515"
> Framed-Type = Framed,
> Tunnel-Type:1 = VLAN,
> Tunnel-Medium-Type:1 = IEEE-802,
> Tunnel-Private-Group-ID:1 = 100
>
>
> DEFAULT Auth-Type := Reject
>
>
> ?? I have never used EAP, but I belive if you take out the Auth-Type
> := Accept, the server should pick up on the fact that it needs to do
> EAP and will continue with that part. Someone else will be able to
> give more insight on that part.
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list