Quick question about RFC 3579 2.6.5

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Fri Jan 25 12:10:00 CET 2013


> Well, RFC 3579 2.6.5 says : If EAP-Message, then there MUST not be a
> Reply-Message. I understand the point on this based on the RFC.

check RFC 5080 - which updates that RFC.  however, your reply message is
not going on as part of the EAP conversation....you are sending the reply
message to the outer-tunnel as part of the reject...no within the inner-tunnel
EAP session...so there shouldnt be any EAP message around (but hey, who knows? ! ;-) )

just run in debug mode  (radiusd -X) and check/see what packets and contents 
you are sending 

dont worry too much - some RADIUS servers break all the specs with regards to
contents of some packets...at least FreeRADIUS gives you the chance to behave
( I assume you are running the attr filter on access requests to keep the contents
legal? ;-) )


More information about the Freeradius-Users mailing list