FreeRADIUS not sending "Access-Accept" for Cisco Phone

Alan DeKok aland at deployingradius.com
Fri May 27 03:05:30 CEST 2016


> On May 26, 2016, at 8:32 PM, craig at mypenguin.net.au wrote:
> 
> Ok I've upgraded to freeradius-server-3.0.11
> Below is the output I get from the Cisco phone attempt, this is
> iteration "320" and it just continues to make attempts (i assume because
> it's UDP)?

  It's continuing to make attempts because it's repeatedly trying to login.

  Looking at one packet is nice, but not helpful.  You need to post the START of an authentication attempt, all the way to the END of that authentication attempt.  If you're not sure, 20-30 packets in a row should be enough.

  And then READ the debug output, looking for error messages, warnings, etc.

  If there's no such messages, then your choices are more limited.  The Cisco phone doesn't like *something* about FreeRADIUS.  It's hard to find out what it doesn't like, as the phone won't produce useful logs.  Maybe disable_tlsv1_2 i the EAP module?

  So... since FreeRADIUS works with everything, I'd blame the phone.  It's broken.

  Alan DeKok.




More information about the Freeradius-Users mailing list