Need 2.2.2 [was: FR 2.2.1 issue]

Stefan Winter stefan.winter at restena.lu
Mon Sep 23 08:24:11 CEST 2013 

Hi,

> Hmm... 2.2.1 is also behaving unclean at my site. I keep getting:

right, too early in the morning. I may have jumped on that bandwaggon
too quickly.

We do see a significant increase in the below, but it seems "normal" in
the sense that people are back to school and more inquisitive uninformed
people trigger these...

xlat fails because the User-Name doesn't exist in the DB (typo etc.) and
there is no SSHA1 password to mangle.

EAP session states go lost after about 9 round-trips of packets. 9
roundtrips is +- the time when asked for the username+password when
outer TLS is set up, so there may be new users having no clue, and go
searching for what to enter for more than the 120 (!) seconds I've set
session matching timeout to.

Stefan

> 
> Mon Sep 23 08:01:17 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:17 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:17 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:17 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:17 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:18 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:19 2013 : Error: rlm_expr: xlat failed.
> Mon Sep 23 08:01:19 2013 : Error: rlm_expr: xlat failed.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:21 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:23 2013 : Error: rlm_expr: xlat failed.
> Mon Sep 23 08:01:30 2013 : Error: rlm_expr: xlat failed.
> Mon Sep 23 08:01:33 2013 : Error: rlm_expr: xlat failed.
> Mon Sep 23 08:01:36 2013 : Error: rlm_expr: xlat failed.
> Mon Sep 23 08:01:38 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:38 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> Mon Sep 23 08:01:41 2013 : Error: rlm_eap: No EAP session matching the State variable.
> 
> With a config that ran smoothly with 2.2.0 (+the fixes that I needed to
> get SSHA1 decoding to work in a satisfying way).
> 
> I'm rolling back to that patched version now - the errors seem to create
> intermittent auth failures/timeouts.
> 
> Stefan
> 
>>
>>
>> alan
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
>>
> 
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20130923/f0f87017/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20130923/f0f87017/attachment.pgp>

More information about the Freeradius-Devel mailing list