Hi, I am sending an Access-Request packet using radeapclient without password,** **
I am giving the following attributes in radeapclient:**** User-Name= "testuser"**** EAP-Code = Response**** EAP-Id = 210**** EAP-Type-Identity = " testuser "**** Message-Authenticator = 0x00**** ** ** ** ** But server is sending Access-Reject to the request.**** Following are the logs of radeapclient:**** ** ** User-Name= "testuser"**** EAP-Code = Response**** EAP-Id = 210**** EAP-Type-Identity = "testuser"**** Message-Authenticator = 0x00**** ** ** ** ** +++> About to send encoded packet:**** User-Name = "testuser"**** EAP-Code = Response**** EAP-Id = 210**** EAP-Type-Identity = "testuser"**** Message-Authenticator = 0x00**** <+++ EAP decoded packet:**** EAP-Message = 0x01d3001604107b44069aa80b67319a536bfd4f8ac713**** Message-Authenticator = 0xb4499f3ee54742d9dd8469980720dcf6**** State = 0x8a52e3488a81e7f33f4b54075fcd3936**** EAP-Id = 211**** EAP-Code = Request**** EAP-Type-MD5 = 0x107b44069aa80b67319a536bfd4f8ac713**** ** ** +++> About to send encoded packet:**** User-Name = "testuser"**** EAP-Code = Response**** EAP-Id = 211**** Message-Authenticator = 0x00000000000000000000000000000000**** EAP-Type-MD5 = 0x10d2c45d5e328b2b2db8bd66c7d171635d**** State = 0x8a52e3488a81e7f33f4b54075fcd3936**** <+++ EAP decoded packet:**** EAP-Message = 0x04d30004**** Message-Authenticator = 0xf6f7e2707ef22ea86a660a4ddce7fb30**** EAP-Id = 211**** EAP-Code = Failure**** ** ** On further investigation, i found an example to test eap-md5 in the source code{ freeradius-2.1.8 } in src/tests**** ** ** Example is :**** ** ** echo 'User-Name = "eapmd5"'**** echo 'Cleartext-Password = "md5md5"'**** echo 'NAS-IP-Address = marajade.sandelman.ottawa.on.ca'**** echo 'EAP-Code = Response'**** echo 'EAP-Id = 210'**** echo 'EAP-Type-Identity = "eapsim'**** echo 'Message-Authenticator = 0'**** echo 'NAS-Port = 0' )**** ** ** ** ** But EAP RFC3579 and RFC2869 states that User-Password should not be part of a radius packet containing EAP-Message attribute,**** ** ** **** it written that “An Access-Request that contains either a User-Password or** ** CHAP-Password or ARAP-Password or one or more EAP-Message attributes**** MUST NOT contain more than one type of those four attributes. If it**** does not contain any of those four attributes, it SHOULD contain a**** Message-Authenticator. If any packet type contains an EAP-Message**** attribute it MUST also contain a Message-Authenticator.”**** ** ** ** ** Please let me know if any specific configuration need to be done on the server so that server sends Access-Accept.**** **** ** ** Thanks in advance. Arpit
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html