EAP failure since upgrade

Jonathan Gazeley jonathan.gazeley at bristol.ac.uk
Thu Jun 26 11:41:24 CEST 2008 

Hello,

Until a couple of days ago, my FreeRadius setup was working perfectly 
normally - running FreeRadius 2.0.1 on a Centos 5 server.  FreeRadius 
was compiled from source, not installed from a repository. Two days ago 
I received some automatic updates from standard Centos repo, and since 
then Radius has not worked.

Running eapol test gives some output, including this (more of the output 
can be supplied on demand):

EAPOL: SUPP_BE entering state RECEIVE
Received 44 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=9 length=44
   Attribute 79 (EAP-Message) length=6
      Value: 04 09 00 04
   Attribute 80 (Message-Authenticator) length=18
      Value: 43 9e 23 c8 74 b1 a0 9f 8c 3b 83 be e8 36 a8 30
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending 
request, round trip time 0.20 sec
RADIUS packet matching with station
decapsulated EAP packet (code=4 id=9 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=0
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0  mismatch: 1
FAILURE

I checked and verified all the Freeradius configs. I recompiled 2.0.1 , 
and later compiled and installed 2.0.5 but this shows identical symptoms.

I have attached the relevant section of my yum.log to show which 
packages were updated. The Radius server was tested once every minute by 
authenticating with a test account. This was first reported to fail at 10:48

I do not know which package could have caused this behaviour - has 
anyone else seen anything like this?

It is quite urgent that I get this fixed asap as it is a production box 
at Bristol university. Currently we are running on the backup box, where 
I was luckily able to disable automatic updates before they were applied.

Any advice will be gratefully received.

Cheers,
Jonathan

----------------------------
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless & VPN Team
Information Services
University of Bristol
----------------------------

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: yumlog.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080626/f729c212/attachment.txt>

More information about the Freeradius-Users mailing list