EAP abort in the middle of conversation [SOLVED+suggestion]
Stefan Winter
stefan.winter at restena.lu
Wed Nov 22 08:55:25 CET 2006
Hi Alan,
> Where's the State attribute? It's *required* to be there for EAP to
> work. Either the client is dropping State, or one of the proxies is
> dropping it.
>
> All in all, I think one of the proxies is broken. If it's Radiator,
> discuss it with them, and we can hash it out.
Actually, the first-in-line FR 1.1.3 is the one that behaved strangely. I
configured the attr_filter module in the post-proxy section, because I may
receive attributes like VLAN id's from upstream proxies which are either
meaningless or even harmful.
Problem is: the shipped $raddbdir/attrs file strips off EAP conversations
completely, so I had to edit it to allow EAP-Message to go through. While
doing that, I forgot the State attribute (and wasn't even aware that it is so
crucial; time for a little RTFRFC). Now that I added State =* ANY to the list
of allowed attributes things work like a charm.
But I would like to suggest to add at least EAP-Message and State in the
default attrs file that's shipped. This was really an ugly caveat.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061122/0f6baa40/attachment.pgp>
More information about the Freeradius-Users
mailing list