Quick question about RFC 3579 2.6.5
Olivier Beytrison
olivier at heliosnet.org
Sat Jan 26 11:11:42 CET 2013
On 25.01.2013 12:10, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> Well, RFC 3579 2.6.5 says : If EAP-Message, then there MUST not be a
>> Reply-Message. I understand the point on this based on the RFC.
>
> check RFC 5080 - which updates that RFC. however, your reply message is
> not going on as part of the EAP conversation....you are sending the reply
> message to the outer-tunnel as part of the reject...no within the inner-tunnel
> EAP session...so there shouldnt be any EAP message around (but hey, who knows? ! ;-) )
Welle there's an EAP-Message in the Access-Reject with code 0x04 for the
failure ;)
> dont worry too much - some RADIUS servers break all the specs with regards to
> contents of some packets...at least FreeRADIUS gives you the chance to behave
> ( I assume you are running the attr filter on access requests to keep the contents
> legal? ;-) )
Yeah I do filter everything that comes from NAS and from outside of my
eduroam realm. You can't trust people :p I only allow
WISPr-Location-Info as this start to be widely used in switzerland when
user are roaming :)
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Users
mailing list