Freeradius not authenticating Wireless Clients

Seann Clark nombrandue at tsukinokage.net
Fri Oct 2 22:28:32 CEST 2009 

Ivan Kalik wrote:
>>     I am having problems with my freeradius server for the past 24
>> hours, which seems that the radius server isn't authenticating EAP-TLS
>> clients from my wireless network. I am looking for a little advice from
>> the local subject matter experts. I am running a Vista and an XP home
>> client right now, both worked, I rebuilt the Vista machine and wasn't
>> able to authenticate. my WAP tends to not service Radius requests when
>> the radius server goes away for whatever reasons, and the fix is just to
>> cycle power on it. It is a WRT54GS by Linksys, and after the last power
>> cycle, it just doesn't authenticate clients anymore. If it is the WAP, I
>> am wondering what suggestions people have for a good WAP that is stable
>> and runs WPA2 Enterprise? What I am seeing from Radiusd on Debug mode is:
>>
>> rad_recv: Access-Request packet from host 192.168.10.10 port 1784, id=1,
>> length=152
>>     
>
> Then:
>
>   
>> rad_recv: Access-Request packet from host 192.168.10.10 port 1786, id=1,
>> length=152
>>     
> ...
>   
>> Cleaning up request 63 ID 1 with timestamp +594
>> Cleaning up request 64 ID 1 with timestamp +594
>> Cleaning up request 65 ID 1 with timestamp +594
>> Cleaning up request 66 ID 1 with timestamp +594
>> Cleaning up request 67 ID 1 with timestamp +594
>> Cleaning up request 68 ID 1 with timestamp +594
>>     
>
> It seems to be sending the initial request over and over again. Is your AP
> getting the response from the radius server?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   
Just to quickly clarify this issue, after changing and troubleshooting 
for a while, I learned something very valuable, always check all 
certificates expiration dates. The issue was the Radius cert expired 
without alerting me (corrected now, and monitored on expiration date for 
all certs). The odd thing is I didn't even get a complaint from Radius 
when I stop/started the service, either. Live and learn I guess.

Thanks for helping out with this though.

~Seann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5544 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091002/e9b061ba/attachment.bin>

More information about the Freeradius-Users mailing list