EAP-success Id mis-match?

Cao,Zhen (cz) zehn.cao at gmail.com
Mon Feb 4 03:21:26 CET 2013

Hi All,

I am using freeradius-2.2.0 and configure it as EAP authentication server.

I met some problem of the EAP authentication. Could you help take a
look? Thanks in advance.

The phenomenon I encounter in an EAP-SIM exchange is as below, peer
denotes the client, and AAA denotes the freeradius.

1. peer-->AAA, with EAP-response (id=0) – in response to EAP-identity
2.AAA-->peer, with EAP-request (id=119)
3.peer-->AAA, with EAP-response(id=119)
4.AAA-->peer, with EAP-request (id=120)
5.peer-->AAA, with EAP-response(id=120)
6. AAA-->peer, Access-Accept, with EAP-success (id=121)

EAP-success with id that is different from the one in message #5.
Should the client regards the authentication as successful?

I found some client did not do in this way and re-send the message 5
(and then AAA replies with access reject), and some client do regard
it as success

I test with some other AAA server and some indeed do not increase the
message id in the EAP-success, and in this case the authentication

What’s the standard way then?

Thanks very much for the kind help!

Thanks and regards,

More information about the Freeradius-Users mailing list