Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Terry Burton
On Thu, 20 Aug 2020 at 14:54, Mohit Sethi M wrote: > It would be a misinterpretation to say that everything from the > authenticator is an EAP-Request hence EAP-Failure is also a Request. > It's an EAP packet with a different Code. Thus, it is wrong to say that > text "the authenticator SHOULD NOT

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Mohit Sethi M
Hi Terry, It would be a misinterpretation to say that everything from the authenticator is an EAP-Request hence EAP-Failure is also a Request. It's an EAP packet with a different Code. Thus, it is wrong to say that text "the authenticator SHOULD NOT send another Request" also implies that the

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Terry Burton
On Thu, 20 Aug 2020 at 13:34, Mohit Sethi M wrote: <...snip...> > It's also contrary to... > > Type zero (0) is used to indicate that the sender has > no viable alternatives, and therefore the authenticator SHOULD NOT > send another Request after receiving a Nak Response containi

[Emu] Fwd: Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Oleg Pekar
Hi Terry >In practise: > >* FreeRADIUS sends RADIUS Access-Reject / EAP-Message / EAP-Failure. >* hostapd's RADIUS server sends RADIUS Access-Reject / EAP-Message / EAP-Failure. >* A commercial RADIUS server implementation sends nothing. Cisco Identity Services Engine RADIUS also returns RADIUS

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Mohit Sethi M
Hi Terry, On 8/20/20 3:02 PM, Terry Burton wrote: On Thu, 20 Aug 2020 at 10:00, Mohit Sethi M wrote: I surely must be missing something here: Packet 6 is an EAP-Response from the peer. Packet 7 contains another EAP-Response inside a RADIUS

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Terry Burton
On Thu, 20 Aug 2020 at 10:00, Mohit Sethi M wrote: > I surely must be missing something here: > > Packet 6 is an EAP-Response from the peer. Packet 7 contains another > EAP-Response inside a RADIUS Access-Request? That doesn't make sense. EAP is > lock-step request-response protocol. The convers

Re: [Emu] Appropriate AAA/EAP response to a peer's NAK when there are no overlapping methods

2020-08-20 Thread Mohit Sethi M
Hi Terry, I surely must be missing something here: Packet 6 is an EAP-Response from the peer. Packet 7 contains another EAP-Response inside a RADIUS Access-Request? That doesn't make sense. EAP is lock-step request-response protocol. The conversation you describe is incorrect. My reading of RF