AW: Additional reply attributes via eap-pwd possible?

denny.friebe at denny.friebe at
Wed Jan 27 11:03:21 CET 2021

I have taken a closer look at my configuration. The setting
"use_tunneled_reply = yes" is not necessary as long as "if (1)" is
configured in the inner-tunnel configuration under post-auth. Am I right?

However, commenting out "use_tunneled_reply" under mods-enabled/eap
unfortunately did not bring any further change.

I am a little confused about the output of eap once the attributes have been
read from the database:


(2) eap_pwd: } # server inner-tunnel

(2) eap_pwd: Got tunneled reply code 0

(2) eap_pwd:   LCS-TxRateLimit = 6000

(2) eap_pwd:   LCS-RxRateLimit = 2000

(2) eap: Sending EAP Request (code 1) ID 41 length 102

(2) eap: EAP session adding &reply:State = 0x58f212fd59db2661



Is it correct that the EAP state is truncated here? The full EAP state
appears to be 0x58f212fd59db26614f0b717cc688911b:


(2) Sent Access-Challenge Id 222 from to
length 0

(2)   EAP-Message =

(2)   Message-Authenticator = 0x00000000000000000000000000000000

(2)   State = 0x58f212fd59db26614f0b717cc688911b

More information about the Freeradius-Users mailing list