access reject problem

Brian Candler b.candler at
Sun Jan 15 12:29:51 CET 2017

On 13/01/2017 14:13, Brian Candler wrote:
> It would be really weird if a NAS receives Access-Reject and still 
> goes ahead and starts the session anyway. 

Aside: I have a vague feeling that in the distant past I came across a 
NAS that could be configured so that if it received no RADIUS 
authentication response at all, it defaulted to access accept.  This 
would have been way back in the days of pay-as-you-go dial-up Internet 

So it may also be worth shutting down the NIC on the RADIUS server, and 
trying to authenticate. I would expect the NAS would resend 
Access-Request packets two or three times; then you can see what happens 
if it gets no response to any of them.

Note that this is not the same as just shutting down the radiusd 
process, since in that case the OS will send back an ICMP "port 
unreachable" message which might be handled differently by the NAS.

More information about the Freeradius-Users mailing list