FreeRadius sends Access-Reject for MAC-AUTH, if shared secret on NAS and server differ

Phani Siriki yvsg.phanis at gmail.com
Mon Apr 15 00:04:19 CEST 2019


Hi Matthew,

Yes, you are correct. But in case of MAC-AUTH which is doing PAP
authentication, Access-Reject is sent. FreeRadius should have dropped
the request without sending Access-Reject right? Can we make
FreeRadius not reply in case MAC-auth if shared secret is wrong.

Best Regards
Phani

On Sun, Apr 14, 2019 at 2:57 PM Matthew Newton <mcn at freeradius.org> wrote:
>
> On Sun, 2019-04-14 at 14:48 -0700, Phani Siriki wrote:
> > My main question is, why does FreeRadius not send Access-Reject(if
> > shared secret is not correct) when I try to do EAP authentication?
>
> Because the shared secret is wrong.
>
> > (2) Received Access-Request Id 1 from 172.24.85.69:60091 to
> > 172.24.66.67:1812 length 141
> > Dropping packet without response because of error: Received packet
> > from 172.24.85.69 with invalid Message-Authenticator!  (Shared secret
> > is incorrect.)
>
> This should be clear enough: the request was dropped. There's nothing
> to process so no reply is sent.
>
> --
> Matthew
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list