There's more going on the exchange than a simple authentication.
The data in the Access-Request packet may have correct data for
authentication. The server will correctly authenticate the entity.
However server signs the response packet with a different secret than
the client making the signature incorrect.
The client must check the signature on the Access-Accept packet and if
it's not correct must reject the authentication even though the reply
type is Access-Accept.
DilipSimha.N.M wrote:
hi,
If the shared-secret mismatches bwtween NAS and RADIUS server,
then still the access-accept message is sent from RADIUS server to NAS.
why is access-reject message not sent???
--DilipSimha
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html