EAP-success Id mis-match?
Cao,Zhen (cz)
zehn.cao at gmail.com
Mon Feb 4 03:21:26 CET 2013
Hi All,
I am using freeradius-2.2.0 and configure it as EAP authentication server.
I met some problem of the EAP authentication. Could you help take a
look? Thanks in advance.
The phenomenon I encounter in an EAP-SIM exchange is as below, peer
denotes the client, and AAA denotes the freeradius.
1. peer-->AAA, with EAP-response (id=0) – in response to EAP-identity
2.AAA-->peer, with EAP-request (id=119)
3.peer-->AAA, with EAP-response(id=119)
4.AAA-->peer, with EAP-request (id=120)
5.peer-->AAA, with EAP-response(id=120)
6. AAA-->peer, Access-Accept, with EAP-success (id=121)
EAP-success with id that is different from the one in message #5.
Should the client regards the authentication as successful?
I found some client did not do in this way and re-send the message 5
(and then AAA replies with access reject), and some client do regard
it as success
I test with some other AAA server and some indeed do not increase the
message id in the EAP-success, and in this case the authentication
passed.
What’s the standard way then?
Thanks very much for the kind help!
Thanks and regards,
Zhen
More information about the Freeradius-Users
mailing list