No EAP session matching the State variable

Contact (COEXSI) contact at coexsi.fr
Fri May 16 22:15:08 CEST 2014


> Contact (COEXSI) wrote:
> > In the case of the bogus NAS I'm testing, it's quite different.
> > The NAS send the first message with its own EAP identifier (normal).
> > The server respond with a new EAP identifier that it has generated
> > (seems normal).
> > The NAS send the second message with a newly EAP identifier (different
> > from the first one it has used and from the one received from the
> > server)
> 
>   It's broken.  Such behavior is forbidden in EAP.  RFC 3748 says that
> the identifier field MUST match.
> 
> > Can someone can confirm that the EAP identifier to be used in the
> > exchange is the one chosen by the server?
> 
>   Yes.  EAP-Requests are sent by the server to the client.
> EAP-Responses are sent from the client to the server.  The identifier in
> the EAP response has to match the identifier in the EAP request.
> 

Dear Alan,

Thank you for the confirmation, we'll check with the vendor.

Sebastien.

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list