EAP-MD5: Access-Accept packet in debug log messages

Alan DeKok aland at deployingradius.com
Sun Aug 31 14:45:26 CEST 2014

Axel Luttgens wrote:
> While confronting my config attempts with various scenarios, I noticed that the Message-Authenticator seems to always be displayed as a sequence of null bytes:

  Yes.  It's printed out before it's calculated.

  The exact value of Message-Authenticator doesn't matter.  You don't
care what it is in the debug output.  You have no way of verifying that
it's correct.  So it might as well be all zeros.

> BTW, out of curiosity, attribute User-Name appears to be unconditionally added to the Acces-Accept packet; is this common practice?

  Read RFC 3579.

  Alan DeKok.

More information about the Freeradius-Users mailing list