Re: EAP Auth failing with CVS Head

Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk> · Tue, 18 Dec 2007 16:37:36 +0000

Alan DeKok wrote:

Arran Cudbard-Bell wrote:

EAP Auth appears to be failing for no reason with CVS head.

It probably has something to do with

"  rlm_eap: Request found, released from the list
rlm_eap: Response appears to match, but EAP type is wrong.
 rlm_eap: Failed in handler"

  Ok...

rad_recv: Access-Request packet from host 139.184.9.177 port 1024,
...
Sending Access-Challenge of id 172 to 139.184.9.177 port 1024
   EAP-Message = 0x01ca00061920
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x000000000000000000000000000000ca

  Well, that's wrong.  The State attribute should be a bunch of random
hex stuff, not all zeros.

  This is on a 64-bit machine?

Yes, and it only happens for random users, and often only after a few 

minutes of running. I can find a failing user, force re-authentication, 

have it fail, restart the server, force re-authentication and have it 

succeed .

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk)
Authentication, Authorisation and Accounting Officer

Infrastructure Services | ENG1 E1-1-08 

University Of Sussex, Brighton

EXT:01273 873900 | INT: 3900