How I can properly send error reasons for EAP requests Access-Reject?

work vlpl thework.vlpl at
Wed Aug 3 16:25:55 UTC 2022

On Wed, 3 Aug 2022 at 18:12, Alan DeKok <aland at> wrote:

>   Use Reply-Message.

Thank you!

>   You can't send 2 EAP-Message attributes.

Yes, most likely this is not counted as 2 EAP-Messages, because I read
in RFC that they should be concatenated. But this is what I see in the
eapol_test output.
Received 51 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=8 length=51
   Attribute 79 (EAP-Message) length=6
      Value: 045b0004
   Attribute 80 (Message-Authenticator) length=18
      Value: 3c2cba56f12f77053c8264207be0a8d2
   Attribute 79 (EAP-Message) length=7
      Value: 6572726f72
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
request, round trip time 1.05 sec

And with unlang I am doing next

update reply {
                EAP-Message += "error"

More information about the Freeradius-Users mailing list