On 25.01.2013 12:10, [email protected] wrote:
Hi,
Well, RFC 3579 2.6.5 says : If EAP-Message, then there MUST not be a
Reply-Message. I understand the point on this based on the RFC.
check RFC 5080 - which updates that RFC. however, your reply message is
not going on as part of the EAP conversation....you are sending the reply
message to the outer-tunnel as part of the reject...no within the inner-tunnel
EAP session...so there shouldnt be any EAP message around (but hey, who knows?
! ;-) )
Welle there's an EAP-Message in the Access-Reject with code 0x04 for the
failure ;)
dont worry too much - some RADIUS servers break all the specs with regards to
contents of some packets...at least FreeRADIUS gives you the chance to behave
( I assume you are running the attr filter on access requests to keep the
contents
legal? ;-) )
Yeah I do filter everything that comes from NAS and from outside of my
eduroam realm. You can't trust people :p I only allow
WISPr-Location-Info as this start to be widely used in switzerland when
user are roaming :)
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: [email protected]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
