access reject problem
Brian Candler
b.candler at pobox.com
Sun Jan 15 12:29:51 CET 2017
On 13/01/2017 14:13, Brian Candler wrote:
> It would be really weird if a NAS receives Access-Reject and still
> goes ahead and starts the session anyway.
Aside: I have a vague feeling that in the distant past I came across a
NAS that could be configured so that if it received no RADIUS
authentication response at all, it defaulted to access accept. This
would have been way back in the days of pay-as-you-go dial-up Internet
access.
So it may also be worth shutting down the NIC on the RADIUS server, and
trying to authenticate. I would expect the NAS would resend
Access-Request packets two or three times; then you can see what happens
if it gets no response to any of them.
Note that this is not the same as just shutting down the radiusd
process, since in that case the OS will send back an ICMP "port
unreachable" message which might be handled differently by the NAS.
More information about the Freeradius-Users
mailing list