On Sun, 10 Oct 2004, Josh Howlett wrote: > On Sun, 10 Oct 2004, Alan DeKok wrote: > > > Josh Howlett <[EMAIL PROTECTED]> wrote: > > > In fact, the returned attributes in the second Access-Accept are the > > > same as the first (when they should have been different). > > > > > > I am speculating here, but it is possible that FR has gotten confused by > > > the fact that each Access-Request bears the same source IP:port and ID > > > field, and is returning a duplicate Access-Accept? > > > > Ah, that's what I suspected. > > > > The NAS is probably re-using the same authentication vector (try > > tcpdump -x, or ethereal to see it). In that case, with: > > > > - same ID > > - same packet type > > - same authentication vector > > > > The server MUST respond with the same reply packet as of a few > > seconds ago. > > What's an 'authentication vector'? Is this the packet authenticator?
Replying to my own mail - the Authenticators are the same in both packets. So is this definitely a NAS bug? From my reading of the Authn RFC, the Authenticator should be unique... thanks for your help Alan. josh. ------------------------------------------------------------ Josh Howlett, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] ------------------------------------------------------------ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html