No EAP session matching the State variable
contact at coexsi.fr
Fri May 16 22:15:08 CEST 2014
> Contact (COEXSI) wrote:
> > In the case of the bogus NAS I'm testing, it's quite different.
> > The NAS send the first message with its own EAP identifier (normal).
> > The server respond with a new EAP identifier that it has generated
> > (seems normal).
> > The NAS send the second message with a newly EAP identifier (different
> > from the first one it has used and from the one received from the
> > server)
> It's broken. Such behavior is forbidden in EAP. RFC 3748 says that
> the identifier field MUST match.
> > Can someone can confirm that the EAP identifier to be used in the
> > exchange is the one chosen by the server?
> Yes. EAP-Requests are sent by the server to the client.
> EAP-Responses are sent from the client to the server. The identifier in
> the EAP response has to match the identifier in the EAP request.
Thank you for the confirmation, we'll check with the vendor.
> Alan DeKok.
> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users