RFC 3579 and Access-Accepts
Alan DeKok
aland at deployingradius.com
Wed Sep 19 15:48:49 CEST 2007
Stefan Winter wrote:
> it seems that FreeRADIUS is sending an EAP-Message fragment along with its
> Access-Accepts, as in:
...
> Whereas RFC 3579 , chapter 2.6.5 says:
> "An EAP-Message/EAP-Request/Notification SHOULD NOT be included within an
> Access-Accept or Access-Reject packet."
See Appendix A. They clearly show EAP-Success in an Access-Accept.
See also Section 2.6.3:
Access-Accept packets SHOULD have only one EAP-Message attribute in
them, containing EAP Success; similarly, Access-Reject packets SHOULD
have only one EAP-Message attribute in them, containing EAP Failure.
> This is now the second RADIUS implementation I see that behaves like that - is
> there a reason for the EAP-Message and something wrong with 3579, or is that
> SHOULD NOT just ignored by most?
I'm curious as to which implementations *don't* send EAP-Success in
Access-Accept. If they don't do that, then what the heck is in the
Access-Accept?
Alan DeKok.
More information about the Freeradius-Users
mailing list