network-programming radius freeradius

What is the RADIUS server response code for the following test cases?


I am testing my RADIUS server implementation but I'm not sure about the correct response code in the following cases:

1. Client logging in without a password
2. Client sends a bad request code

Do you have any idea?


Solution

    1. According to RFC 2865, 0-1 instances of User-Password are allowed in a given Access-Request, and one of the User-Password, CHAP-Password or State attributes must be present.

    An Access-Request MUST contain either a User-Password or a CHAP-Password or State. An Access-Request MUST NOT contain both a User-Password and a CHAP-Password. If future extensions allow other kinds of authentication information to be conveyed, the attribute for that can be used in an Access-Request instead of User-Password or CHAP-Password.

    The RFC is silent on what should happen if none of these attributes are present, however.

    If you wish to emulate popular RADIUS solutions (such as FreeRADIUS), you should return an Access-Reject in this instance.

    2. This is dealt with in RFC 2865.

    The Code field is one octet, and identifies the type of RADIUS packet. When a packet is received with an invalid Code field, it is silently discarded.

    i.e. no response should be sent.
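
Both test cases as an added sketch (not code from the answer above or from FreeRADIUS): it classifies a received datagram as silently discarded, answered with Access-Reject, or passed on to authentication, and builds the Access-Reject. The function names, sample packets and shared secret are constructed for illustration; dropping every Code other than Access-Request and rejecting malformed attributes are assumptions of this sketch.

```python
import hashlib
import struct

ACCESS_REQUEST, ACCESS_REJECT = 1, 3             # Code values, RFC 2865
USER_PASSWORD, CHAP_PASSWORD, STATE = 2, 3, 24   # attribute types, RFC 2865


def parse_attributes(area):
    """Split the attribute area into a {type: value} dict; None if malformed."""
    attrs, i = {}, 0
    while i < len(area):
        if i + 2 > len(area) or area[i + 1] < 2 or i + area[i + 1] > len(area):
            return None
        attrs[area[i]] = area[i + 2:i + area[i + 1]]
        i += area[i + 1]
    return attrs


def decide(packet):
    """Return 'discard', 'reject' or 'authenticate' for one received datagram."""
    if len(packet) < 20:
        return "discard"                 # shorter than a RADIUS header
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= 4096 or length > len(packet):
        return "discard"                 # bad Length field: drop silently
    if code != ACCESS_REQUEST:
        return "discard"                 # case 2: auth-only sketch sends nothing
    attrs = parse_attributes(packet[20:length])
    if attrs is None:
        return "reject"                  # assumption: reject malformed attributes
    if not attrs.keys() & {USER_PASSWORD, CHAP_PASSWORD, STATE}:
        return "reject"                  # case 1: FreeRADIUS-style Access-Reject
    return "authenticate"                # hand over to the real credential check


def build_reject(request, secret):
    """Attribute-less Access-Reject that echoes the request Identifier."""
    head = struct.pack("!BBH", ACCESS_REJECT, request[1], 20)
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return head + hashlib.md5(head + request[4:20] + secret).digest()


def make_request(code, attrs=b"", ident=7):
    """Constructed sample datagram with an all-zero Request Authenticator."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs


USER_NAME = b"\x01\x05bob"                                  # User-Name = "bob"
NO_PASSWORD = make_request(ACCESS_REQUEST, USER_NAME)
WITH_PASSWORD = make_request(ACCESS_REQUEST, USER_NAME + b"\x02\x12" + bytes(16))
BAD_CODE = make_request(99, USER_NAME)                      # constructed bad Code
```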