How I can properly send error reasons for EAP requests Access-Reject?
Alan DeKok
aland at deployingradius.com
Wed Aug 3 17:19:04 UTC 2022
On Aug 3, 2022, at 12:25 PM, work vlpl <thework.vlpl at gmail.com> wrote:
> Yes, most likely this is not counted as 2 EAP-Messages, because I read
> in RFC that they should be concatenated. But this is what I see in the
> eapol_test output.
> Received 51 bytes from RADIUS server
> Received RADIUS message
> RADIUS message: code=3 (Access-Reject) identifier=8 length=51
> Attribute 79 (EAP-Message) length=6
> Value: 045b0004
> Attribute 80 (Message-Authenticator) length=18
> Value: 3c2cba56f12f77053c8264207be0a8d2
> Attribute 79 (EAP-Message) length=7
> Value: 6572726f72
> STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
> request, round trip time 1.05 sec
OK...
> And with unlang I am doing next
>
> update reply {
> EAP-Message += "error"
> }
Don't do that. Use Reply-Message.
EAP-Message is calculated automatically by the EAP module. It's supposed to contain EAP packets, not random text.
Alan DeKok.
More information about the Freeradius-Users
mailing list