EAP-session did no finish! (Linux)

Alberto Martínez alberto_martinez at deusto.es
Tue Jan 17 13:18:57 CET 2012

>  The problem is ALWAYS the same.  The Wiki page describes the problems,
> and the solutions.

That particular error is known to pop out when a Windows client uses a
misconfigured certificate, or the MTU is too high. This case is neither one
nor the other.

>   Try setting up the second server as a brand new server with brand new
> certificates.  Follow the *documented* process of setting up a new
> server with EAP-TLS / PEAP.  It *will* work.

I have no heavy modifications of the original configuration, just the
minimum required for eap-peap-mschapv2 to work. Which has been copied from
a working server.

It's probably the cert.

I suspected that, but I'm making no progress with it, and I've ended with
the process pretty much automated. I will continue doing tests, but i felt
i was missing something else.

If it's NOT the cert, then you need to investigate the AP/switch or the
> client; FreeRADIUS is not receiving the next packet, so either the client
> or the AP/switch has dropped / ignored it.

Maybe, but the only change made was the address where to point at. However,
i should check that too.

> One thing to check is MTU; you've trimmed the debug so it's hard to know,
> but usually the next EAP packet would be large(-ish).

Framed-MTU = 1100 << from debug

fragment_size = 1024 << eap.conf (default setting)

Also check the client - look in the logs, or use tcpdump to check the
> client actually receives the EAP packet, and sends a reply. Likewise the
> AP/switch.
> Also check any firewalls inbetween.

Yes, it shows a conversation, so no dropped packets inbetween.

Alberto Martínez Setién
Servicio Informático
Universidad de Deusto
Avda. de las Universidades, 24
48007 - Bilbao (SPAIN)
Phone:  +34 - 94 413 90 00 Ext 2684
Fax:    +34 - 94 413 91 01
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120117/7c8070ae/attachment.html>

More information about the Freeradius-Users mailing list