How I can properly send error reasons for EAP requests Access-Reject?

Alan DeKok aland at
Wed Aug 3 17:19:04 UTC 2022

On Aug 3, 2022, at 12:25 PM, work vlpl <thework.vlpl at> wrote:
> Yes, most likely this is not counted as 2 EAP-Messages, because I read
> in RFC that they should be concatenated. But this is what I see in the
> eapol_test output.
> Received 51 bytes from RADIUS server
> Received RADIUS message
> RADIUS message: code=3 (Access-Reject) identifier=8 length=51
>   Attribute 79 (EAP-Message) length=6
>      Value: 045b0004
>   Attribute 80 (Message-Authenticator) length=18
>      Value: 3c2cba56f12f77053c8264207be0a8d2
>   Attribute 79 (EAP-Message) length=7
>      Value: 6572726f72
> STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
> request, round trip time 1.05 sec


> And with unlang I am doing next
> update reply {
>                EAP-Message += "error"
>        }

  Don't do that.  Use Reply-Message.

  EAP-Message is calculated automatically by the EAP module.  It's supposed to contain EAP packets, not random text.

  Alan DeKok.

More information about the Freeradius-Users mailing list