No EAP session matching the State variable
Contact (COEXSI)
contact at coexsi.fr
Fri May 16 22:15:08 CEST 2014
> Contact (COEXSI) wrote:
> > In the case of the bogus NAS I'm testing, it's quite different.
> > The NAS send the first message with its own EAP identifier (normal).
> > The server respond with a new EAP identifier that it has generated
> > (seems normal).
> > The NAS send the second message with a newly EAP identifier (different
> > from the first one it has used and from the one received from the
> > server)
>
> It's broken. Such behavior is forbidden in EAP. RFC 3748 says that
> the identifier field MUST match.
>
> > Can someone can confirm that the EAP identifier to be used in the
> > exchange is the one chosen by the server?
>
> Yes. EAP-Requests are sent by the server to the client.
> EAP-Responses are sent from the client to the server. The identifier in
> the EAP response has to match the identifier in the EAP request.
>
Dear Alan,
Thank you for the confirmation, we'll check with the vendor.
Sebastien.
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list