There is no "Calling-Station-Id" attribute in access-requests sent in response to radius challenge from pam_radius-1.3.17-2.el6.x86_64 (CentOS release 6.5)

[Axel Luttgens]

Le 31 août 2014 à 23:21, Dmitry Saratsky a écrit :

> Hi all,
> 
> I'm using freeradius for custom 2-factor OTP authentication as below:
> RADIUS_CLIENT > Access-Request(User/Pass) > FreeRADIUS(check user pass and if ok -> generates state) > Access-Challenge > RADIUS_CLIENT> Access-Request(User/OTP/state) > FreeRADIUS
> 
> In first Access-Request (before Access-Challenge) RADIUS_CLIENT is sending all required attributes well
> My problem is on the second Access-Request (after Access-Challenge). There is no "Calling-Station-Id" attribute on this state for some reason...
> I have checked this on the following radius client: pam_radius-1.3.17-2.el6.x86_64 (CentOS release 6.5)

Hello Dmitri,

According to RFC 2865, an Access-Request packet MUST come with either a Calling-Station-Id or a NAS-Identifier AVP.
So, if you don't have one, perhaps could you achieve something with the other one (if present, of course)?


> Anyone can suggest some work around for above? Maybe it is configuration issue I'm missing?

Looks more to be a "RADIUS_CLIENT" issue.
Could you post an example of a (first Access-Request, second Access-Request) pair sent by that "RADIUS_CLIENT"?

Axel