EAP abort in the middle of conversation [SOLVED+suggestion]

Stefan Winter stefan.winter at restena.lu
Wed Nov 22 08:55:25 CET 2006

Hi Alan,

>   Where's the State attribute?  It's *required* to be there for EAP to
> work.  Either the client is dropping State, or one of the proxies is
> dropping it.
>   All in all, I think one of the proxies is broken.  If it's Radiator,
> discuss it with them, and we can hash it out.

Actually, the first-in-line FR 1.1.3 is the one that behaved strangely. I 
configured the attr_filter module in the post-proxy section, because I may 
receive attributes like VLAN id's from upstream proxies which are either 
meaningless or even harmful.
Problem is: the shipped $raddbdir/attrs file strips off EAP conversations 
completely, so I had to edit it to allow EAP-Message to go through. While 
doing that, I forgot the State attribute (and wasn't even aware that it is so 
crucial; time for a little RTFRFC). Now that I added State =* ANY to the list 
of allowed attributes things work like a charm.

But I would like to suggest to add at least EAP-Message and State in the 
default attrs file that's shipped. This was really an ugly caveat.


Stefan Winter


Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061122/0f6baa40/attachment.pgp>

More information about the Freeradius-Users mailing list