commenting on my own post:
> effectively, it's a re-request since the id-number is the same. the TLS > error probably comes from the shortened message or something similar, > the data seems to be corrupted in some way. radius seems to just reject > from that moment on, it doesn't seem to check the second message for its > correctness (IMHO, it should however, since it's udp). what i want to say is: the first message can be wrong because it is UDP. freeradius doesn't answer to it with a Reject. this is correct IMHO. it should accept N ( N=? ) wrong re-requests (requests with same ID, same eap number, etc. but _different_ data) before rejecting a user. it now seems to reject immediately after the second message arrives or is it able to see that the messages are exactly the same? developers, could you say on the fly what the current behaviour is? thanks artur -- Artur Hecker De'partement Informatique et Re'seaux, ENST Paris http://www.infres.enst.fr/~hecker - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
