Thank you, I got it and already tried that attribute. The behaviour is a bit
better, but does not really lead to the desired result, as the client gets
an:
Incoming RADIUS packet did not have correct Message-Authenticator - dropped
Well, at least you've got the ldap part working. The
message-authenticator shouldn't have anything to do with ldap. It has to
do with the packet between the radius server and the nas.
Seems ok, but unfortunately on the other side, the result is not that good.
Alan proposed eapol_test recently for testing of such connections(thank you,
very usefull) and this tool shows me:
...
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=0 length=38
Attribute 64 (?Unknown?) length=6
Attribute 65 (?Unknown?) length=6
Attribute 81 (?Unknown?) length=6
STA 00:00:00:00:00:02: Received RADIUS packet matched with a pending request,
round trip time 0.15 sec
No Message-Authenticator attribute found
Incoming RADIUS packet did not have correct Message-Authenticator - dropped
STA 00:00:00:00:00:02: No RADIUS RX handler found (type=0 code=2 id=0) -
dropping packet
EAPOL: startWhen --> 0
EAPOL test timed out
MPPE keys OK: 0 mismatch: 1
FAILURE
I can't help on this part. I'd start a new thread with that error, so the
subject line might draw some attention from someone that can.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
